About the security content of Safari 14.1.1

2021-05-24T00:00:00

Description

# About the security content of Safari 14.1.1 This document describes the security content of Safari 14.1.1. ## About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page. Apple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible. For more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. ## Safari 14.1.1 Released May 24, 2021 **WebKit** Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative **WebKit** Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. CVE-2021-30744: Dan Hite of jsontop **WebKit** Available for: macOS Catalina and macOS Mojave Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A logic issue was addressed with improved restrictions. CVE-2021-30720: David Schütz (@xdavidhu) **WebKit** Available for: macOS Catalina and macOS Mojave Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2021-30682: Prakash (@1lastBr3ath) Entry updated July 21, 2021 **WebKit** Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-21779: Marcin Towalski of Cisco Talos **WebKit** Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30689: an anonymous researcher **WebKit** Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2021-30663: an anonymous researcher **WebRTC** Available for: macOS Catalina and macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2021-23841: Tavis Ormandy of Google CVE-2021-30698: Tavis Ormandy of Google ## Additional recognition **WebKit** We would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance. Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information. Published Date: November 06, 2023

Affected Software

CPE Name	Name	Version
	safari	14.1.1

{"id": "APPLE:CABE34499864F4FA47751E5A9FCC58AC", "vendorId": null, "type": "apple", "bulletinFamily": "software", "title": "About the security content of Safari 14.1.1", "description": "# About the security content of Safari 14.1.1\n\nThis document describes the security content of Safari 14.1.1.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n## Safari 14.1.1\n\nReleased May 24, 2021\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative\n\nCVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A cross-origin issue with iframe elements was addressed with improved tracking of security origins.\n\nCVE-2021-30744: Dan Hite of jsontop\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: A malicious website may be able to access restricted ports on arbitrary servers\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2021-30720: David Sch\u00fctz (@xdavidhu)\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2021-30682: Prakash (@1lastBr3ath)\n\nEntry updated July 21, 2021\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2021-21779: Marcin Towalski of Cisco Talos\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-30689: an anonymous researcher\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2021-30663: an anonymous researcher\n\n**WebRTC**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed with improved input validation.\n\nCVE-2021-23841: Tavis Ormandy of Google\n\nCVE-2021-30698: Tavis Ormandy of Google\n\n## Additional recognition\n\n**WebKit**\n\nWe would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: November 06, 2023\n", "published": "2021-05-24T00:00:00", "modified": "2021-05-24T00:00:00", "epss": [{"cve": "CVE-2021-21779", "epss": 0.00297, "percentile": 0.65885, "modified": "2023-12-02"}, {"cve": "CVE-2021-23841", "epss": 0.00396, "percentile": 0.70469, "modified": "2023-12-02"}, {"cve": "CVE-2021-30663", "epss": 0.00303, "percentile": 0.6622, "modified": "2023-12-02"}, {"cve": "CVE-2021-30682", "epss": 0.00068, "percentile": 0.27933, "modified": "2023-12-02"}, {"cve": "CVE-2021-30689", "epss": 0.00157, "percentile": 0.51984, "modified": "2023-12-02"}, {"cve": "CVE-2021-30698", "epss": 0.0038, "percentile": 0.69865, "modified": "2023-12-02"}, {"cve": "CVE-2021-30720", "epss": 0.00156, "percentile": 0.51786, "modified": "2023-12-02"}, {"cve": "CVE-2021-30734", "epss": 0.0024, "percentile": 0.61714, "modified": "2023-12-02"}, {"cve": "CVE-2021-30744", "epss": 0.00118, "percentile": 0.45475, "modified": "2023-12-02"}, {"cve": "CVE-2021-30749", "epss": 0.0024, "percentile": 0.61714, "modified": "2023-12-02"}], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://support.apple.com/kb/HT212534", "reporter": "Apple", "references": ["https://support.apple.com/en-us/HT201222"], "cvelist": ["CVE-2021-21779", "CVE-2021-23841", "CVE-2021-30663", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30698", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749"], "immutableFields": [], "lastseen": "2023-12-02T22:10:59", "viewCount": 137, "enchantments": {"affected_software": {"major_version": [{"name": "safari", "version": 14}]}, "affected_software_major_version": [{"name": "safari", "version": 14}], "dependencies": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY33.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2021:4198", "ALSA-2021:4381", "ALSA-2021:4424"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-21779", "ALPINE:CVE-2021-23841", "ALPINE:CVE-2021-30663", "ALPINE:CVE-2021-30682", "ALPINE:CVE-2021-30689", "ALPINE:CVE-2021-30720", "ALPINE:CVE-2021-30734", "ALPINE:CVE-2021-30744", "ALPINE:CVE-2021-30749"]}, {"type": "altlinux", "idList": ["9010C82E1F47A1ADFFAA739AF4943069", "B0DA0CE217A75449EFDF514507A4B5A7"]}, {"type": "amazon", "idList": ["ALAS-2021-1482", "ALAS-2021-1612", "ALAS2-2021-1608", "ALAS2-2021-1612", "ALAS2-2023-2088"]}, {"type": "apple", "idList": ["APPLE:3D2B7EA0D2FC28210AECB76B2C407C9F", "APPLE:4E4515CD7FD997AA98D94164483D0679", "APPLE:52D5DC71EAE54F6DF0EA591406E6C671", "APPLE:63DD59AAEDECD46C156A7668A930E353", "APPLE:72B0255E1DE0446B228B5371EDD14ACD", "APPLE:73550C0E0CC4D3E6D5DC38456DA89443", "APPLE:8592A5882F33472850FF959BB2667129", "APPLE:B08BBADEFC88806E12CB234F1EB6C4C6"]}, {"type": "archlinux", "idList": ["ASA-202102-42", "ASA-202107-67", "ASA-202107-68"]}, {"type": "attackerkb", "idList": ["AKB:61DB1B67-FFE2-4A84-8445-DD1303479F56"]}, {"type": "centos", "idList": ["CESA-2021:3798"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-30663"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:177BD11FEDF3F89426E99286BC7DC46B"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1614885634"]}, {"type": "cve", "idList": ["CVE-2021-21779", "CVE-2021-23841", "CVE-2021-30663", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30698", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2563-1:7D5FC", "DEBIAN:DLA-2563-1:B363B", "DEBIAN:DLA-2565-1:2FCB7", "DEBIAN:DLA-2565-1:CC1A3", "DEBIAN:DSA-4855-1:4A0C0", "DEBIAN:DSA-4855-1:B091B", "DEBIAN:DSA-4945-1:08051"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-21779", "DEBIANCVE:CVE-2021-23841", "DEBIANCVE:CVE-2021-30663", "DEBIANCVE:CVE-2021-30682", "DEBIANCVE:CVE-2021-30689", "DEBIANCVE:CVE-2021-30720", "DEBIANCVE:CVE-2021-30734", "DEBIANCVE:CVE-2021-30744", "DEBIANCVE:CVE-2021-30749"]}, {"type": "fedora", "idList": ["FEDORA:7879F312EC5F", "FEDORA:8A032304C446"]}, {"type": "freebsd", "idList": ["56BA4513-A1BE-11EB-9072-D4C9EF517024", "96A21236-707B-11EB-96D8-D4C9EF517024"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-21:17.OPENSSL"]}, {"type": "gentoo", "idList": ["GLSA-202103-03", "GLSA-202202-01"]}, {"type": "github", "idList": ["GHSA-84RM-QF37-FGC2"]}, {"type": "githubexploit", "idList": ["4E834790-A0F9-5830-88FE-F520B8FE3CBB", "5BCFB44C-A4FD-5890-AE9A-A60CC135A2F1", "F2076B48-44ED-5B15-9B08-53183DC5B9EF"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "ibm", "idList": ["023AF7CE811F35CB9EA5BD22171F66AA17D83D1B9FF44FF925D320814BAE40E2", "0319E4F01D8C2BB1E1D9CA642942762AB6D0486EE87445E505B6585BF79E6E34", "045B3221FB3BBC39DD70A158CACD0ACC0885A17A6B16F3CCA24E243D79A3DFB4", "08B8F7A5BD2A4C807B593B79793086AE818A4C18A2CA1A3A38E171A0EA5BD485", "161E93A17C210873A930616B7AA642E8DECB548C126F51ACBF476947F04F5F46", "20763F2B27C66C722124CBB23FF4ECBE76431735E0AC6E1F94E8999CB3A2CB25", "26D8B9BA25346A1142EC41EC455309415D14076E05E1C0FE94BCF3C77CFC130B", "2A1E47DBD233FE789FE30CE03EB01C4E46A020DBEF4F312E3EE04541FD0B1866", "2E58B569B4DB4763709C8CD7E2753A53378BB27D938664EE87B306305B546DAA", "3751D59918B26EEDBAC0FEE1886D1A118A9D2105E993222B09C299A55F5D8424", "3E676CEE741F035B426AAE7DF3EC83BF7941667EB382805D029B2A95E65A0352", "4C62280F93124FD0C7C5C20CA30CD4D137F1D0A9E1E35780DCDE98EDBCFD8B1B", "51B18D37F54E0E13CB87112E0323518D15B4E3A206BB32632FE2181BBF89BDC8", "54C108178FEFCC2E097FAAE5C25ED91CFC0811D8F54A2518390833D0DCC7402A", "5CAD5D32258B6EBB72263ED99B6DE586C3A3347FA7743140740A1F7CC94CC9A8", "6DFE02E47206439339CF69003DED7C6A339BE8A9FDA6611EA300ACF64BDB9DD1", "74F2A94336E51B0E3062906A1A2B7FB8CDE35DFD901789C840E3CE1DA62E9EF6", "7712F0249FC574F5E6BB742100BF0E53D089C499325D28D0E2739DFD47B4CADA", "7D158CE8DF0EAA9F8D32E562C6E3311BC04075EC6BE07466A648F40065F0CEAD", "7E466DB7C3E6D0FD95B6290D6AABCA2CA5965052B0CC5CB552473151BFA7576F", "7EDC7E4A607AC78AB259E545462224179BA0B894DBBE1C19D52406785B960D30", "82D897D235CFB70936ACD9CA3E6034885E56EBCC4A41A67CD33F1077B9C80885", "8A9DA62ACD0528EEF6577A7929613A497D58F78FF0E64379975CCC381DD42953", "8CD12EF78572A4084B09F1DEB451D5D52F854099E5B1A1A30714B96E6F38483F", "8D64F104C14AF2A33552E861AE403F451EDADB214820F820DA429C523DB6D464", "96080ECFBE42CEF2D63B1341838131BE1CCC2B5F08130E2F678CCDCE13FAE376", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "9C2F629D74A0CEB50295825F06E9E3F031D43FAA69C3940ECFB41EE6607361C2", "A2D06FB3017FCE651EA8255C84E9C676D1204865B3375BA8E8B8F438AA9B7256", "A3AA1EABC04F772D5CDA8853B864F229765DC4A3D9C4B8F0FBF97542821DB5E9", "A5DABD1C1B1C58D900A9518CCA7EC1C03488CC2DF1750F65600D7F0C8E0E4763", "A701AFC8C238BDFFC275CACF75BFA2343212CCA8077B0C43D13D17FB1392C9ED", "AED0F240DF3C88F319E3FB42ACD61D16097A82B46ED80B7D90B6C196F011838C", "B0528F9B036E05AC9A10262631DAF76C50D058E8380B936E9BB1177907389047", "B0DF32322CE6A2B6D1EC5D029C9322141A4F0B90F6393DD9417AE692DA63CE98", "BB600B119BB0BCBE0C1A441D96B93496AC1319A4F50379AB81C6EC6E8A6222AF", "C8E3076BF00DD8380618AD02C4DDA7DF7604CC6B6A724449CCB6A06853CAED2A", "C9A62458FFCDA7D13068BA51A14F3364875030AD9E3379B54C1EB8EAA4DD8D49", "CA1E3EFC07D22B2DA86595362931D640F30F757529856481F669DB4619DAD922", "D288D5ADF67DE9C3743BE8316D7F496F7CA64A396C1E8E9019178232D17AF15D", "D9C440A1478785F45C6AD68BEF4F0EC5784B395DD2BBDDDD3E7C17B748E0A64F", "DDE11A6EB73BE3F98B37D85D58288FC1BB387A976FF07E231F2FC766E2B956AB", "E7B4E1607446FED2E1EA3DED4F35354BBD746B762279FBE37A746CB69873BBAB", "FA28CB50714C2E033435E17981D021316797914289ED09AB906E1A7CBA22C8A3", "FEE45A44E8C46E13896C20C8C9B2A275C16E5652E4DF723FE4A044838B932DB1"]}, {"type": "ics", "idList": ["ICSA-21-336-06", "ICSA-22-258-05"]}, {"type": "mageia", "idList": ["MGASA-2021-0108", "MGASA-2021-0400"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:11D4071979D3FC1E6028AA8D71EB87F4"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1608.NASL", "AL2_ALAS-2021-1612.NASL", "AL2_ALAS-2023-2088.NASL", "ALA_ALAS-2021-1482.NASL", "ALMA_LINUX_ALSA-2021-4198.NASL", "ALMA_LINUX_ALSA-2021-4381.NASL", "ALMA_LINUX_ALSA-2021-4424.NASL", "APPLETV_14_6.NASL", "APPLE_IOS_1253_CHECK.NBIN", "APPLE_IOS_1451_CHECK.NBIN", "CENTOS8_RHSA-2021-4198.NASL", "CENTOS8_RHSA-2021-4381.NASL", "CENTOS8_RHSA-2021-4424.NASL", "CENTOS_RHSA-2021-3798.NASL", "DEBIAN_DLA-2563.NASL", "DEBIAN_DLA-2565.NASL", "DEBIAN_DSA-4855.NASL", "DEBIAN_DSA-4945.NASL", "EULEROS_SA-2021-1721.NASL", "EULEROS_SA-2021-1740.NASL", "EULEROS_SA-2021-1825.NASL", "EULEROS_SA-2021-1826.NASL", "EULEROS_SA-2021-1882.NASL", "EULEROS_SA-2021-1907.NASL", "EULEROS_SA-2021-1908.NASL", "EULEROS_SA-2021-1909.NASL", "EULEROS_SA-2021-1935.NASL", "EULEROS_SA-2021-1956.NASL", "EULEROS_SA-2021-2005.NASL", "EULEROS_SA-2021-2032.NASL", "EULEROS_SA-2021-2044.NASL", "EULEROS_SA-2021-2091.NASL", "EULEROS_SA-2021-2154.NASL", "EULEROS_SA-2021-2416.NASL", "EULEROS_SA-2021-2417.NASL", "EULEROS_SA-2021-2418.NASL", "EULEROS_SA-2021-2456.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "EULEROS_SA-2021-2758.NASL", "EULEROS_SA-2021-2785.NASL", "EULEROS_SA-2021-2872.NASL", "EULEROS_SA-2021-2874.NASL", "EULEROS_SA-2022-1059.NASL", "FREEBSD_PKG_56BA4513A1BE11EB9072D4C9EF517024.NASL", "FREEBSD_PKG_96A21236707B11EB96D8D4C9EF517024.NASL", "GENTOO_GLSA-202103-03.NASL", "GENTOO_GLSA-202202-01.NASL", "JUNIPER_JSA69715.NASL", "MACOS_HT212335.NASL", "MACOS_HT212529.NASL", "MYSQL_5_7_34.NASL", "MYSQL_8_0_24.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_24.NASL", "NEWSTART_CGSL_NS-SA-2022-0017_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2022-0096_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2023-0025_OPENSSL.NASL", "NNM_5_13_1.NASL", "NUTANIX_NXSA-AOS-5_20_3.NASL", "NUTANIX_NXSA-AOS-6_0_2_5.NASL", "NUTANIX_NXSA-AOS-6_1.NASL", "NUTANIX_NXSA-AOS-6_1_1.NASL", "OPENSSL_1_0_2Y.NASL", "OPENSSL_1_1_1J.NASL", "OPENSUSE-2021-1101.NASL", "OPENSUSE-2021-2598.NASL", "OPENSUSE-2021-427.NASL", "OPENSUSE-2021-430.NASL", "OPENSUSE-2022-0182-1.NASL", "ORACLELINUX_ELSA-2021-3798.NASL", "ORACLELINUX_ELSA-2021-4381.NASL", "ORACLELINUX_ELSA-2021-4424.NASL", "ORACLELINUX_ELSA-2021-9478.NASL", "ORACLELINUX_ELSA-2021-9528.NASL", "ORACLELINUX_ELSA-2021-9561.NASL", "PHOTONOS_PHSA-2021-4_0-0007_OPENSSL.NASL", "PUPPET_AGENT_CVE-2021-23841.NASL", "REDHAT-RHSA-2021-3798.NASL", "REDHAT-RHSA-2021-4198.NASL", "REDHAT-RHSA-2021-4381.NASL", "REDHAT-RHSA-2021-4424.NASL", "REDHAT-RHSA-2021-4614.NASL", "REDHAT-RHSA-2021-4861.NASL", "ROCKY_LINUX_RLSA-2021-4198.NASL", "ROCKY_LINUX_RLSA-2021-4381.NASL", "ROCKY_LINUX_RLSA-2021-4424.NASL", "SECURITYCENTER_OPENSSL_1_1_1J_TNS_2021_03.NASL", "SOLARIS_JUL2021_SRU11_3_36_26_0.NASL", "SUSE_SU-2021-0725-1.NASL", "SUSE_SU-2021-0752-1.NASL", "SUSE_SU-2021-0753-1.NASL", "SUSE_SU-2021-0754-1.NASL", "SUSE_SU-2021-0755-1.NASL", "SUSE_SU-2021-0769-1.NASL", "SUSE_SU-2021-0793-1.NASL", "SUSE_SU-2021-0939-1.NASL", "SUSE_SU-2021-14667-1.NASL", "SUSE_SU-2021-14670-1.NASL", "SUSE_SU-2021-2598-1.NASL", "SUSE_SU-2021-2600-1.NASL", "SUSE_SU-2021-2762-1.NASL", "SUSE_SU-2022-0142-1.NASL", "SUSE_SU-2022-0182-1.NASL", "SUSE_SU-2022-0182-2.NASL", "SUSE_SU-2022-0183-1.NASL", "TENABLE_NESSUS_AGENT_TNS_2021_04.NASL", "UBUNTU_USN-4738-1.NASL", "UBUNTU_USN-5024-1.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2021-23841"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021", "ORACLE:CPUAPR2022", "ORACLE:CPUJUL2021", "ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-3798", "ELSA-2021-4381", "ELSA-2021-4424", "ELSA-2021-9478", "ELSA-2021-9528", "ELSA-2021-9561"]}, {"type": "osv", "idList": ["OSV:CVE-2021-23841", "OSV:DLA-2563-1", "OSV:DLA-2565-1", "OSV:DSA-4945-1", "OSV:GHSA-84RM-QF37-FGC2", "OSV:RUSTSEC-2021-0058"]}, {"type": "photon", "idList": ["PHSA-2021-0007", "PHSA-2021-0200", "PHSA-2021-0325", "PHSA-2021-0366", "PHSA-2021-1.0-0366", "PHSA-2021-3.0-0200", "PHSA-2021-4.0-0007"]}, {"type": "prion", "idList": ["PRION:CVE-2021-21779", "PRION:CVE-2021-23841", "PRION:CVE-2021-30663", "PRION:CVE-2021-30682", "PRION:CVE-2021-30689", "PRION:CVE-2021-30698", "PRION:CVE-2021-30720", "PRION:CVE-2021-30734", "PRION:CVE-2021-30744", "PRION:CVE-2021-30749"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5101CC734C1A900451E5994AFF57209A", "QUALYSBLOG:70AF718BCABA36D5847184CA639B55C9", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "redhat", "idList": ["RHSA-2021:1168", "RHSA-2021:3016", "RHSA-2021:3798", "RHSA-2021:3873", "RHSA-2021:3925", "RHSA-2021:3949", "RHSA-2021:4032", "RHSA-2021:4198", "RHSA-2021:4381", "RHSA-2021:4424", "RHSA-2021:4613", "RHSA-2021:4614", "RHSA-2021:4627", "RHSA-2021:4845", "RHSA-2021:4848", "RHSA-2021:4861", "RHSA-2021:4863", "RHSA-2021:4902", "RHSA-2021:4914", "RHSA-2021:5038", "RHSA-2021:5128", "RHSA-2021:5137", "RHSA-2022:0202"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21779", "RH:CVE-2021-23841", "RH:CVE-2021-30663", "RH:CVE-2021-30682", "RH:CVE-2021-30689", "RH:CVE-2021-30720", "RH:CVE-2021-30734", "RH:CVE-2021-30744", "RH:CVE-2021-30749"]}, {"type": "rocky", "idList": ["RLSA-2021:4198", "RLSA-2021:4381", "RLSA-2021:4424"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2023-2211"]}, {"type": "rustsec", "idList": ["RUSTSEC-2021-0058"]}, {"type": "securelist", "idList": ["SECURELIST:BB0230F9CE86B3F1994060AA0A809C08"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0427-1", "OPENSUSE-SU-2021:0430-1", "OPENSUSE-SU-2021:1101-1", "OPENSUSE-SU-2021:2598-1", "OPENSUSE-SU-2022:0182-1", "OPENSUSE-SU-2022:0182-2"]}, {"type": "symantec", "idList": ["SMNTC-17570"]}, {"type": "talos", "idList": ["TALOS-2021-1238"]}, {"type": "thn", "idList": ["THN:080F85D43290560CDED8F282EE277B00", "THN:0D13405795D42B516C33D8E56A44BA9D", "THN:3251602ACD4E04F5F4C7F140878960E0", "THN:BB8CDCFD08801BDD2929E342853D03E9", "THN:F0D5DEDB6BEE875D30F098FB7A4E55A1"]}, {"type": "threatpost", "idList": ["THREATPOST:33E56DEB736406F9DD08C7533BF1812B"]}, {"type": "ubuntu", "idList": ["USN-4738-1", "USN-4745-1", "USN-5024-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-21779", "UB:CVE-2021-23841", "UB:CVE-2021-30663", "UB:CVE-2021-30682", "UB:CVE-2021-30689", "UB:CVE-2021-30720", "UB:CVE-2021-30734", "UB:CVE-2021-30744", "UB:CVE-2021-30749"]}, {"type": "veracode", "idList": ["VERACODE:29419", "VERACODE:31411", "VERACODE:31413", "VERACODE:31415"]}, {"type": "zdi", "idList": ["ZDI-21-761", "ZDI-21-769"]}]}, "score": {"value": 9.0, "uncertanity": 0.3, "vector": "NONE"}, "epss": [{"cve": "CVE-2021-21779", "epss": 0.0019, "percentile": 0.54981, "modified": "2023-05-01"}, {"cve": "CVE-2021-23841", "epss": 0.00299, "percentile": 0.64861, "modified": "2023-05-01"}, {"cve": "CVE-2021-30663", "epss": 0.00303, "percentile": 0.65147, "modified": "2023-05-01"}, {"cve": "CVE-2021-30682", "epss": 0.00068, "percentile": 0.27617, "modified": "2023-05-01"}, {"cve": "CVE-2021-30689", "epss": 0.00157, "percentile": 0.50771, "modified": "2023-05-01"}, {"cve": "CVE-2021-30698", "epss": 0.0038, "percentile": 0.68892, "modified": "2023-05-01"}, {"cve": "CVE-2021-30720", "epss": 0.00156, "percentile": 0.50557, "modified": "2023-05-01"}, {"cve": "CVE-2021-30734", "epss": 0.00235, "percentile": 0.60105, "modified": "2023-05-01"}, {"cve": "CVE-2021-30744", "epss": 0.00118, "percentile": 0.44453, "modified": "2023-05-01"}, {"cve": "CVE-2021-30749", "epss": 0.00235, "percentile": 0.60105, "modified": "2023-05-01"}], "vulnersScore": 9.0}, "_state": {"affected_software_major_version": 0, "dependencies": 1701555107, "score": 1701555097, "epss": 0}, "_internal": {"score_hash": "b4c67558e734014db786bdf68c0eef6b"}, "affectedSoftware": [{"version": "14.1.1", "operator": "lt", "name": "safari"}]}

{"archlinux": [{"lastseen": "2023-12-02T15:37:33", "description": "Arch Linux Security Advisory ASA-202107-68\n==========================================\n\nSeverity: High\nDate : 2021-07-27\nCVE-ID : CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665\nCVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744\nCVE-2021-30749 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799\nPackage : wpewebkit\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2221\n\nSummary\n=======\n\nThe package wpewebkit before version 2.32.3-1 is vulnerable to multiple\nissues including arbitrary code execution, access restriction bypass,\ncross-site scripting and information disclosure.\n\nResolution\n==========\n\nUpgrade to 2.32.3-1.\n\n# pacman -Syu \"wpewebkit>=2.32.3-1\"\n\nThe problems have been fixed upstream in version 2.32.3.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-21775 (information disclosure)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. A use-after-free vulnerability exists in the way certain events\nare processed for ImageLoader objects of WebKit. A specially crafted\nweb page can lead to a potential information leak and further memory\ncorruption. In order to trigger the vulnerability, a victim must be\ntricked into visiting a malicious webpage.\n\n- CVE-2021-21779 (information disclosure)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. A use-after-free vulnerability exists in the way that WebKit\nGraphicsContext handles certain events. A specially crafted web page\ncan lead to a potential information leak and further memory corruption.\nA victim must be tricked into visiting a malicious web page to trigger\nthis vulnerability.\n\n- CVE-2021-30663 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\narbitrary code execution.\n\n- CVE-2021-30665 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited.\n\n- CVE-2021-30689 (cross-site scripting)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\nuniversal cross site scripting.\n\n- CVE-2021-30720 (access restriction bypass)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. A malicious website may be able to access restricted ports on\narbitrary servers.\n\n- CVE-2021-30734 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\narbitrary code execution.\n\n- CVE-2021-30744 (cross-site scripting)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\nuniversal cross site scripting.\n\n- CVE-2021-30749 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\narbitrary code execution.\n\n- CVE-2021-30795 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\narbitrary code execution.\n\n- CVE-2021-30797 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to code\nexecution.\n\n- CVE-2021-30799 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\narbitrary code execution.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code or disclose sensitive\ninformation through crafted web content. Apple is aware of a report\nthat one of the arbitrary code execution issues may have been actively\nexploited.\n\nReferences\n==========\n\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-21775\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2021-1229\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-21779\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2021-1238\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30663\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30665\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30689\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30720\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30734\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30744\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30749\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30795\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30797\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30799\nhttps://security.archlinux.org/CVE-2021-21775\nhttps://security.archlinux.org/CVE-2021-21779\nhttps://security.archlinux.org/CVE-2021-30663\nhttps://security.archlinux.org/CVE-2021-30665\nhttps://security.archlinux.org/CVE-2021-30689\nhttps://security.archlinux.org/CVE-2021-30720\nhttps://security.archlinux.org/CVE-2021-30734\nhttps://security.archlinux.org/CVE-2021-30744\nhttps://security.archlinux.org/CVE-2021-30749\nhttps://security.archlinux.org/CVE-2021-30795\nhttps://security.archlinux.org/CVE-2021-30797\nhttps://security.archlinux.org/CVE-2021-30799", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-27T00:00:00", "type": "archlinux", "title": "[ASA-202107-68] wpewebkit: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2021-07-27T00:00:00", "id": "ASA-202107-68", "href": "https://security.archlinux.org/ASA-202107-68", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T15:37:31", "description": "Arch Linux Security Advisory ASA-202107-67\n==========================================\n\nSeverity: High\nDate : 2021-07-27\nCVE-ID : CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665\nCVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744\nCVE-2021-30749 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799\nPackage : webkit2gtk\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2220\n\nSummary\n=======\n\nThe package webkit2gtk before version 2.32.3-1 is vulnerable to\nmultiple issues including arbitrary code execution, access restriction\nbypass, cross-site scripting and information disclosure.\n\nResolution\n==========\n\nUpgrade to 2.32.3-1.\n\n# pacman -Syu \"webkit2gtk>=2.32.3-1\"\n\nThe problems have been fixed upstream in version 2.32.3.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-21775 (information disclosure)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. A use-after-free vulnerability exists in the way certain events\nare processed for ImageLoader objects of WebKit. A specially crafted\nweb page can lead to a potential information leak and further memory\ncorruption. In order to trigger the vulnerability, a victim must be\ntricked into visiting a malicious webpage.\n\n- CVE-2021-21779 (information disclosure)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. A use-after-free vulnerability exists in the way that WebKit\nGraphicsContext handles certain events. A specially crafted web page\ncan lead to a potential information leak and further memory corruption.\nA victim must be tricked into visiting a malicious web page to trigger\nthis vulnerability.\n\n- CVE-2021-30663 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\narbitrary code execution.\n\n- CVE-2021-30665 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited.\n\n- CVE-2021-30689 (cross-site scripting)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\nuniversal cross site scripting.\n\n- CVE-2021-30720 (access restriction bypass)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. A malicious website may be able to access restricted ports on\narbitrary servers.\n\n- CVE-2021-30734 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\narbitrary code execution.\n\n- CVE-2021-30744 (cross-site scripting)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\nuniversal cross site scripting.\n\n- CVE-2021-30749 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\narbitrary code execution.\n\n- CVE-2021-30795 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\narbitrary code execution.\n\n- CVE-2021-30797 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to code\nexecution.\n\n- CVE-2021-30799 (arbitrary code execution)\n\nA security issue has been found in WebKitGTK and WPE WebKit before\n2.32.3. Processing maliciously crafted web content may lead to\narbitrary code execution.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code or disclose sensitive\ninformation through crafted web content. Apple is aware of a report\nthat one of the arbitrary code execution issues may have been actively\nexploited.\n\nReferences\n==========\n\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-21775\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2021-1229\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-21779\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2021-1238\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30663\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30665\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30689\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30720\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30734\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30744\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30749\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30795\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30797\nhttps://webkitgtk.org/security/WSA-2021-0004.html#CVE-2021-30799\nhttps://security.archlinux.org/CVE-2021-21775\nhttps://security.archlinux.org/CVE-2021-21779\nhttps://security.archlinux.org/CVE-2021-30663\nhttps://security.archlinux.org/CVE-2021-30665\nhttps://security.archlinux.org/CVE-2021-30689\nhttps://security.archlinux.org/CVE-2021-30720\nhttps://security.archlinux.org/CVE-2021-30734\nhttps://security.archlinux.org/CVE-2021-30744\nhttps://security.archlinux.org/CVE-2021-30749\nhttps://security.archlinux.org/CVE-2021-30795\nhttps://security.archlinux.org/CVE-2021-30797\nhttps://security.archlinux.org/CVE-2021-30799", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-27T00:00:00", "type": "archlinux", "title": "[ASA-202107-67] webkit2gtk: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2021-07-27T00:00:00", "id": "ASA-202107-67", "href": "https://security.archlinux.org/ASA-202107-67", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T15:38:05", "description": "Arch Linux Security Advisory ASA-202102-42\n==========================================\n\nSeverity: Medium\nDate : 2021-02-27\nCVE-ID : CVE-2021-23840 CVE-2021-23841\nPackage : openssl\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1581\n\nSummary\n=======\n\nThe package openssl before version 1.1.1.j-1 is vulnerable to multiple\nissues including denial of service and incorrect calculation.\n\nResolution\n==========\n\nUpgrade to 1.1.1.j-1.\n\n# pacman -Syu \"openssl>=1.1.1.j-1\"\n\nThe problems have been fixed upstream in version 1.1.1.j.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-23840 (incorrect calculation)\n\nCalls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may\noverflow the output length argument in some cases where the input\nlength is close to the maximum permissable length for an integer on the\nplatform. In such cases the return value from the function call will be\n1 (indicating success), but the output length value will be negative.\nThis could cause applications to behave incorrectly or crash.\n\nOpenSSL versions 1.1.1i and below are affected by this issue. Users of\nthese versions should upgrade to OpenSSL 1.1.1j.\n\nOpenSSL versions 1.0.2x and below are affected by this issue. However\nOpenSSL 1.0.2 is out of support and no longer receiving public updates.\nPremium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y.\nOther users should upgrade to 1.1.1j.\n\nFixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL\n1.0.2y (Affected 1.0.2-1.0.2x).\n\n- CVE-2021-23841 (denial of service)\n\nThe OpenSSL public API function X509_issuer_and_serial_hash() attempts\nto create a unique hash value based on the issuer and serial number\ndata contained within an X509 certificate. However it fails to\ncorrectly handle any errors that may occur while parsing the issuer\nfield (which might occur if the issuer field is maliciously\nconstructed). This may subsequently result in a NULL pointer deref and\na crash leading to a potential denial of service attack.\n\nThe function X509_issuer_and_serial_hash() is never directly called by\nOpenSSL itself so applications are only vulnerable if they use this\nfunction directly and they use it on certificates that may have been\nobtained from untrusted sources.\n\nOpenSSL versions 1.1.1i and below are affected by this issue. Users of\nthese versions should upgrade to OpenSSL 1.1.1j.\n\nOpenSSL versions 1.0.2x and below are affected by this issue. However\nOpenSSL 1.0.2 is out of support and no longer receiving public updates.\nPremium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y.\nOther users should upgrade to 1.1.1j.\n\nImpact\n======\n\nA malicious certificate can be crafted to crash the application, or\nbehave in some incorrect way.\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20210216.txt\nhttps://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1\nhttps://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2\nhttps://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8130d654d1de922ea224fa18ee3bc7262edc39c0\nhttps://security.archlinux.org/CVE-2021-23840\nhttps://security.archlinux.org/CVE-2021-23841", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-27T00:00:00", "type": "archlinux", "title": "[ASA-202102-42] openssl: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2021-02-27T00:00:00", "id": "ASA-202102-42", "href": "https://security.archlinux.org/ASA-202102-42", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2023-12-02T16:02:14", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-29T01:09:31", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: webkit2gtk3-2.32.3-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2021-07-29T01:09:31", "id": "FEDORA:8A032304C446", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/V4QORERLPDN3UNNJFJSOMHZZCU2G75Q6/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T16:02:14", "description": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-08T01:08:31", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: webkit2gtk3-2.32.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2021-08-08T01:08:31", "id": "FEDORA:7879F312EC5F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KYMMBQN4PRVDLMIJT2LY2BWHLYBD57P3/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-10-18T14:59:37", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5024-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkits GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-28T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-5024-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver"], "id": "UBUNTU_USN-5024-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152135", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5024-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152135);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"USN\", value:\"5024-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-5024-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5024-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkits GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5024-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.32.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.32.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.32.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.32.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.32.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.32.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.32.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.32.3-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.32.3-0ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.32.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.32.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.32.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.32.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.32.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.32.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.32.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.32.3-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.32.3-0ubuntu0.20.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:43", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4945 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkits GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-29T00:00:00", "type": "nessus", "title": "Debian DSA-4945-1 : webkit2gtk - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0", "p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin", "p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37-gtk2", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev", "p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc", "p-cpe:/a:debian:debian_linux:webkit2gtk-driver", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4945.NASL", "href": "https://www.tenable.com/plugins/nessus/152138", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-4945. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152138);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Debian DSA-4945-1 : webkit2gtk - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-4945 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkits GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/webkit2gtk\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2021/dsa-4945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-21775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-21779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-30799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/webkit2gtk\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the webkit2gtk packages.\n\nFor the stable distribution (buster), these problems have been fixed in version 2.32.3-1~deb10u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webkit2gtk-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nrelease = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nrelease = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\npkgs = [\n {'release': '10.0', 'prefix': 'gir1.2-javascriptcoregtk-4.0', 'reference': '2.32.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'gir1.2-webkit2-4.0', 'reference': '2.32.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-18', 'reference': '2.32.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-bin', 'reference': '2.32.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libjavascriptcoregtk-4.0-dev', 'reference': '2.32.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-37', 'reference': '2.32.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-37-gtk2', 'reference': '2.32.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-dev', 'reference': '2.32.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'libwebkit2gtk-4.0-doc', 'reference': '2.32.3-1~deb10u1'},\n {'release': '10.0', 'prefix': 'webkit2gtk-driver', 'reference': '2.32.3-1~deb10u1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n release = NULL;\n prefix = NULL;\n reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:32:31", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2598-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-04T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:2598-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2598-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152202", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2598-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152202);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2598-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:2598-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2598-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30799\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-August/009247.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e605200\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.32.3-9.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'webkit2gtk3-devel-2.32.3-9.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.32.3-9.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'webkit2gtk3-devel-2.32.3-9.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:30:32", "description": "The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2600-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-04T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2021:2600-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-2600-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152201", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2600-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152201);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2600-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2021:2600-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2021:2600-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30799\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-August/009245.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?726d2b9a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'webkit2gtk3-devel-2.32.3-2.66.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'webkit2gtk3-devel-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'webkit2gtk3-devel-2.32.3-2.66.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-2.66.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:32:36", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2762-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-18T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:2762-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:suse_linux:libsoup-2_4-1", "p-cpe:/a:novell:suse_linux:libsoup-devel", "p-cpe:/a:novell:suse_linux:libsoup-lang", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang", "p-cpe:/a:novell:suse_linux:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-soup-2_4", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:suse_linux:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2762-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152656", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2762-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152656);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2762-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:2762-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2762-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30799\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-August/009300.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?52745954\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoup-2_4-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoup-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsoup-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-Soup-2_4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0/1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libsoup-lang-2.62.2-17.8.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-3.77.3', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libsoup-lang-2.62.2-17.8.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-3.77.3', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libsoup-lang-2.62.2-17.8.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-lang-2.62.2-17.8.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libsoup-lang-2.62.2-17.8.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libsoup-lang-2.62.2-17.8.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libwebkit2gtk3-lang-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libsoup-2_4-1-2.62.2-17.8.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libsoup-devel-2.62.2-17.8.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-Soup-2_4-2.62.2-17.8.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'webkit2gtk3-devel-2.32.3-3.77.3', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libsoup-2_4-1 / libsoup-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:36", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1101-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkits GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30734, CVE-2021-30749, CVE-2021-30799)\n\n - A cross-origin issue with iframe elements was addressed with improved tracking of security origins.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. (CVE-2021-30797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : webkit2gtk3 (openSUSE-SU-2021:1101-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1101.NASL", "href": "https://www.tenable.com/plugins/nessus/152391", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1101-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152391);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : webkit2gtk3 (openSUSE-SU-2021:1101-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1101-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkits GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30734,\n CVE-2021-30749, CVE-2021-30799)\n\n - A cross-origin issue with iframe elements was addressed with improved tracking of security origins.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. (CVE-2021-30797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188697\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DYJ44GRLS3QYOXTONYQG6SHUD22SUDIB/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?83792291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30799\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-lp152.2.16.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libjavascriptcoregtk-4_0-18-32bit-2.32.3-lp152.2.16.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-lp152.2.16.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebkit2gtk-4_0-37-32bit-2.32.3-lp152.2.16.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebkit2gtk3-lang-2.32.3-lp152.2.16.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-lp152.2.16.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-lp152.2.16.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-lp152.2.16.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit-jsc-4-2.32.3-lp152.2.16.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-lp152.2.16.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-lp152.2.16.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-minibrowser-2.32.3-lp152.2.16.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:32", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2598-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkits GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30734, CVE-2021-30749, CVE-2021-30799)\n\n - A cross-origin issue with iframe elements was addressed with improved tracking of security origins.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. (CVE-2021-30797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-04T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : webkit2gtk3 (openSUSE-SU-2021:2598-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21775", "CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-javascriptcore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-webkit2webextension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-2598.NASL", "href": "https://www.tenable.com/plugins/nessus/152196", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2598-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152196);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : webkit2gtk3 (openSUSE-SU-2021:2598-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2598-1 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkits GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An integer overflow was addressed with improved input validation. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. (CVE-2021-30665)\n\n - A logic issue was addressed with improved state management. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30734,\n CVE-2021-30749, CVE-2021-30799)\n\n - A cross-origin issue with iframe elements was addressed with improved tracking of security origins.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. (CVE-2021-30797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188697\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/554N5QKF5U43OFZQKL2FBBMYD5YD3BX7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad3cd3c5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30799\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'libjavascriptcoregtk-4_0-18-2.32.3-9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libjavascriptcoregtk-4_0-18-32bit-2.32.3-9.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebkit2gtk-4_0-37-2.32.3-9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebkit2gtk-4_0-37-32bit-2.32.3-9.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebkit2gtk3-lang-2.32.3-9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'typelib-1_0-JavaScriptCore-4_0-2.32.3-9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'typelib-1_0-WebKit2-4_0-2.32.3-9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'typelib-1_0-WebKit2WebExtension-4_0-2.32.3-9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit-jsc-4-2.32.3-9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk-4_0-injected-bundles-2.32.3-9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-minibrowser-2.32.3-9.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:21", "description": "According to its banner, the version of Apple TV on the remote device is prior to 14.6. It is therefore affected by multiple vulnerabilities as described in the HT212532, including:\n\n - Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30665)\n\n - Processing a maliciously crafted audio file may lead to arbitrary code execution (CVE-2021-30707)\n\n - Processing maliciously crafted web content may lead to universal cross site scripting (CVE-2021-30689)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-27T00:00:00", "type": "nessus", "title": "Apple TV < 14.6 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21779", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30677", "CVE-2021-30682", "CVE-2021-30685", "CVE-2021-30686", "CVE-2021-30687", "CVE-2021-30689", "CVE-2021-30697", "CVE-2021-30700", "CVE-2021-30701", "CVE-2021-30704", "CVE-2021-30705", "CVE-2021-30707", "CVE-2021-30710", "CVE-2021-30715", "CVE-2021-30720", "CVE-2021-30724", "CVE-2021-30727", "CVE-2021-30734", "CVE-2021-30736", "CVE-2021-30737", "CVE-2021-30740", "CVE-2021-30744", "CVE-2021-30749"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_14_6.NASL", "href": "https://www.tenable.com/plugins/nessus/149992", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149992);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-21779\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30677\",\n \"CVE-2021-30682\",\n \"CVE-2021-30685\",\n \"CVE-2021-30686\",\n \"CVE-2021-30687\",\n \"CVE-2021-30689\",\n \"CVE-2021-30697\",\n \"CVE-2021-30700\",\n \"CVE-2021-30701\",\n \"CVE-2021-30704\",\n \"CVE-2021-30705\",\n \"CVE-2021-30707\",\n \"CVE-2021-30710\",\n \"CVE-2021-30715\",\n \"CVE-2021-30720\",\n \"CVE-2021-30724\",\n \"CVE-2021-30727\",\n \"CVE-2021-30734\",\n \"CVE-2021-30736\",\n \"CVE-2021-30737\",\n \"CVE-2021-30740\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT212532\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2021-05-20\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Apple TV < 14.6 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apple TV device is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apple TV on the remote device is prior to 14.6. It is therefore affected by\nmultiple vulnerabilities as described in the HT212532, including:\n\n - Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30665)\n\n - Processing a maliciously crafted audio file may lead to arbitrary code execution (CVE-2021-30707)\n\n - Processing maliciously crafted web content may lead to universal cross site scripting (CVE-2021-30689)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT212532\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 14.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30740\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30749\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude('appletv_func.inc');\n\nvar url, port, build, model, fixed_build, gen, tvos_ver;\n\nurl = get_kb_item_or_exit('AppleTV/URL', msg:'Cannot determine Apple TV URL.');\n\nport = get_kb_item_or_exit('AppleTV/Port', msg:'Cannot determine Apple TV port.');\n\nbuild = get_kb_item_or_exit('AppleTV/Version', msg:'Cannot determine Apple TV version.');\n\nmodel = get_kb_item_or_exit('AppleTV/Model', msg:'Cannot determine Apple TV model.');\n\nfixed_build = '18L569';\ntvos_ver = '14.6';\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : make_list(4, 5, 6),\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-18T15:57:21", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4381 advisory.\n\n - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. (CVE-2020-13558)\n\n - Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.\n (CVE-2020-24870)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. (CVE-2020-36241)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1788)\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241. (CVE-2021-28650)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. (CVE-2020-29623)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1789)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : GNOME (ELSA-2021-4381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13558", "CVE-2020-24870", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-36241", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-28650", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:libraw", "p-cpe:/a:oracle:linux:libraw-devel", "p-cpe:/a:oracle:linux:accountsservice", "p-cpe:/a:oracle:linux:accountsservice-devel", "p-cpe:/a:oracle:linux:accountsservice-libs", "p-cpe:/a:oracle:linux:gdm", "p-cpe:/a:oracle:linux:gnome-autoar", "p-cpe:/a:oracle:linux:gnome-calculator", "p-cpe:/a:oracle:linux:gnome-classic-session", "p-cpe:/a:oracle:linux:gnome-control-center", "p-cpe:/a:oracle:linux:gnome-control-center-filesystem", "p-cpe:/a:oracle:linux:gnome-online-accounts", "p-cpe:/a:oracle:linux:gnome-online-accounts-devel", "p-cpe:/a:oracle:linux:gnome-session", "p-cpe:/a:oracle:linux:gnome-session-kiosk-session", "p-cpe:/a:oracle:linux:gnome-session-wayland-session", "p-cpe:/a:oracle:linux:gnome-session-xsession", "p-cpe:/a:oracle:linux:gnome-settings-daemon", "p-cpe:/a:oracle:linux:gnome-shell", "p-cpe:/a:oracle:linux:gnome-shell-extension-apps-menu", "p-cpe:/a:oracle:linux:gnome-shell-extension-auto-move-windows", "p-cpe:/a:oracle:linux:gnome-shell-extension-common", "p-cpe:/a:oracle:linux:gnome-shell-extension-dash-to-dock", "p-cpe:/a:oracle:linux:gnome-shell-extension-desktop-icons", "p-cpe:/a:oracle:linux:gnome-shell-extension-disable-screenshield", "p-cpe:/a:oracle:linux:gnome-shell-extension-drive-menu", "p-cpe:/a:oracle:linux:gnome-shell-extension-gesture-inhibitor", "p-cpe:/a:oracle:linux:gnome-shell-extension-horizontal-workspaces", "p-cpe:/a:oracle:linux:gnome-shell-extension-launch-new-instance", "p-cpe:/a:oracle:linux:gnome-shell-extension-native-window-placement", "p-cpe:/a:oracle:linux:gnome-shell-extension-no-hot-corner", "p-cpe:/a:oracle:linux:gnome-shell-extension-panel-favorites", "p-cpe:/a:oracle:linux:gnome-shell-extension-places-menu", "p-cpe:/a:oracle:linux:gnome-shell-extension-screenshot-window-sizer", "p-cpe:/a:oracle:linux:gnome-shell-extension-systemmonitor", "p-cpe:/a:oracle:linux:gnome-shell-extension-top-icons", "p-cpe:/a:oracle:linux:gnome-shell-extension-updates-dialog", "p-cpe:/a:oracle:linux:gnome-shell-extension-user-theme", "p-cpe:/a:oracle:linux:gnome-shell-extension-window-grouper", "p-cpe:/a:oracle:linux:gnome-shell-extension-window-list", "p-cpe:/a:oracle:linux:gnome-shell-extension-windowsnavigator", "p-cpe:/a:oracle:linux:gnome-shell-extension-workspace-indicator", "p-cpe:/a:oracle:linux:gnome-software", "p-cpe:/a:oracle:linux:gnome-software-devel", "p-cpe:/a:oracle:linux:gsettings-desktop-schemas", "p-cpe:/a:oracle:linux:gsettings-desktop-schemas-devel", "p-cpe:/a:oracle:linux:gtk-update-icon-cache", "p-cpe:/a:oracle:linux:gtk3", "p-cpe:/a:oracle:linux:gtk3-devel", "p-cpe:/a:oracle:linux:gtk3-immodule-xim", "p-cpe:/a:oracle:linux:mutter", "p-cpe:/a:oracle:linux:mutter-devel", "p-cpe:/a:oracle:linux:vino", "p-cpe:/a:oracle:linux:webkit2gtk3", "p-cpe:/a:oracle:linux:webkit2gtk3-devel", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc", "p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel"], "id": "ORACLELINUX_ELSA-2021-4381.NASL", "href": "https://www.tenable.com/plugins/nessus/155421", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4381.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155421);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-13558\",\n \"CVE-2020-24870\",\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2020-36241\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\",\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-21806\",\n \"CVE-2021-28650\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30682\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0126-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0212-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0251-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0349-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0505-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"Oracle Linux 8 : GNOME (ELSA-2021-4381)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-4381 advisory.\n\n - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit\n WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. (CVE-2020-13558)\n\n - Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.\n (CVE-2020-24870)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes\n 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big\n Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS\n 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on\n arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4\n and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other\n software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent\n is a symlink to a directory outside of the intended extraction location. (CVE-2020-36241)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content\n may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1788)\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,\n Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote\n attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially\n crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim\n needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other\n software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent\n is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for\n CVE-2020-36241. (CVE-2021-28650)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data\n deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update\n 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing\n history. (CVE-2020-29623)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1789)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and\n iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak\n sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4381.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:accountsservice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:accountsservice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:accountsservice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-autoar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-calculator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-classic-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-control-center\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-control-center-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-online-accounts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-online-accounts-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-session-kiosk-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-session-wayland-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-session-xsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-apps-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-auto-move-windows\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-dash-to-dock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-disable-screenshield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-drive-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-gesture-inhibitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-horizontal-workspaces\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-launch-new-instance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-native-window-placement\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-no-hot-corner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-panel-favorites\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-places-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-screenshot-window-sizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-systemMonitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-top-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-updates-dialog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-user-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-window-grouper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-window-list\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-windowsNavigator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-shell-extension-workspace-indicator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-software\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-software-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gsettings-desktop-schemas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gsettings-desktop-schemas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk-update-icon-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gtk3-immodule-xim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vino\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gdm-40.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-40.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-40.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-classic-session-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-filesystem-3.28.2-28.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-apps-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-auto-move-windows-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-common-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-dash-to-dock-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-desktop-icons-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-disable-screenshield-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-drive-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-launch-new-instance-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-native-window-placement-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-no-hot-corner-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-panel-favorites-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-places-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-systemMonitor-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-top-icons-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-updates-dialog-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-user-theme-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-grouper-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-list-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-windowsNavigator-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-workspace-indicator-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw / LibRaw-devel / accountsservice / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-29T15:21:56", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4381 advisory.\n\n - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)\n\n - LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918, CVE-2021-1788, CVE-2021-30795)\n\n - webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)\n\n - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete fix) (CVE-2020-36241)\n\n - webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765, CVE-2021-1801)\n\n - webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)\n\n - webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)\n\n - webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870, CVE-2021-1871)\n\n - webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)\n\n - webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)\n\n - webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)\n\n - gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)\n\n - webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)\n\n - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)\n\n - webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)\n\n - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)\n\n - webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)\n\n - webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734, CVE-2021-30749, CVE-2021-30799)\n\n - webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)\n\n - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)\n\n - webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : GNOME (RHSA-2021:4381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13558", "CVE-2020-24870", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-36241", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-28650", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-10-27T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:libraw", "p-cpe:/a:redhat:enterprise_linux:libraw-devel", "p-cpe:/a:redhat:enterprise_linux:gnome-autoar", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc", "p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel"], "id": "REDHAT-RHSA-2021-4381.NASL", "href": "https://www.tenable.com/plugins/nessus/155153", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4381. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155153);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/27\");\n\n script_cve_id(\n \"CVE-2020-13558\",\n \"CVE-2020-24870\",\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2020-36241\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\",\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-21806\",\n \"CVE-2021-28650\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30682\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4381\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n script_xref(name:\"IAVA\", value:\"2021-A-0126-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0251-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0349-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0505-S\");\n\n script_name(english:\"RHEL 8 : GNOME (RHSA-2021:4381)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4381 advisory.\n\n - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution\n (CVE-2020-13558)\n\n - LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918, CVE-2021-1788,\n CVE-2021-30795)\n\n - webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)\n\n - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the\n destination directory (incomplete fix) (CVE-2020-36241)\n\n - webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765, CVE-2021-1801)\n\n - webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)\n\n - webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)\n\n - webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870, CVE-2021-1871)\n\n - webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and\n possibly code execution (CVE-2021-21775)\n\n - webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code\n execution (CVE-2021-21779)\n\n - webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)\n\n - gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination\n directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)\n\n - webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)\n\n - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)\n\n - webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)\n\n - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)\n\n - webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)\n\n - webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734, CVE-2021-30749,\n CVE-2021-30799)\n\n - webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack\n (CVE-2021-30744)\n\n - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)\n\n - webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-24870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1844\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-1871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1928794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1928886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1940026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1944867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1980441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986906\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 79, 119, 120, 190, 200, 416, 459, 843, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnome-autoar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'gnome-autoar-0.2.3-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'sp':'6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'sp':'6', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'gnome-autoar-0.2.3-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw / LibRaw-devel / gnome-autoar / webkit2gtk3 / webkit2gtk3-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-18T15:51:49", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4381 advisory.\n\n - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. (CVE-2020-13558)\n\n - Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.\n (CVE-2020-24870)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. (CVE-2020-29623)\n\n - autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. (CVE-2020-36241)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1788)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1789)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241. (CVE-2021-28650)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : GNOME (ALSA-2021:4381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13558", "CVE-2020-24870", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-36241", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-28650", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:alma:linux:libraw", "p-cpe:/a:alma:linux:libraw-devel", "p-cpe:/a:alma:linux:accountsservice", "p-cpe:/a:alma:linux:accountsservice-devel", "p-cpe:/a:alma:linux:accountsservice-libs", "p-cpe:/a:alma:linux:gdm", "p-cpe:/a:alma:linux:gnome-autoar", "p-cpe:/a:alma:linux:gnome-calculator", "p-cpe:/a:alma:linux:gnome-classic-session", "p-cpe:/a:alma:linux:gnome-control-center", "p-cpe:/a:alma:linux:gnome-control-center-filesystem", "p-cpe:/a:alma:linux:gnome-online-accounts", "p-cpe:/a:alma:linux:gnome-online-accounts-devel", "p-cpe:/a:alma:linux:gnome-session", "p-cpe:/a:alma:linux:gnome-session-kiosk-session", "p-cpe:/a:alma:linux:gnome-session-wayland-session", "p-cpe:/a:alma:linux:gnome-session-xsession", "p-cpe:/a:alma:linux:gnome-settings-daemon", "p-cpe:/a:alma:linux:gnome-shell", "p-cpe:/a:alma:linux:gnome-shell-extension-apps-menu", "p-cpe:/a:alma:linux:gnome-shell-extension-auto-move-windows", "p-cpe:/a:alma:linux:gnome-shell-extension-common", "p-cpe:/a:alma:linux:gnome-shell-extension-dash-to-dock", "p-cpe:/a:alma:linux:gnome-shell-extension-desktop-icons", "p-cpe:/a:alma:linux:gnome-shell-extension-disable-screenshield", "p-cpe:/a:alma:linux:gnome-shell-extension-drive-menu", "p-cpe:/a:alma:linux:gnome-shell-extension-gesture-inhibitor", "p-cpe:/a:alma:linux:gnome-shell-extension-horizontal-workspaces", "p-cpe:/a:alma:linux:gnome-shell-extension-launch-new-instance", "p-cpe:/a:alma:linux:gnome-shell-extension-native-window-placement", "p-cpe:/a:alma:linux:gnome-shell-extension-no-hot-corner", "p-cpe:/a:alma:linux:gnome-shell-extension-panel-favorites", "p-cpe:/a:alma:linux:gnome-shell-extension-places-menu", "p-cpe:/a:alma:linux:gnome-shell-extension-screenshot-window-sizer", "p-cpe:/a:alma:linux:gnome-shell-extension-systemmonitor", "p-cpe:/a:alma:linux:gnome-shell-extension-top-icons", "p-cpe:/a:alma:linux:gnome-shell-extension-updates-dialog", "p-cpe:/a:alma:linux:gnome-shell-extension-user-theme", "p-cpe:/a:alma:linux:gnome-shell-extension-window-grouper", "p-cpe:/a:alma:linux:gnome-shell-extension-window-list", "p-cpe:/a:alma:linux:gnome-shell-extension-windowsnavigator", "p-cpe:/a:alma:linux:gnome-shell-extension-workspace-indicator", "p-cpe:/a:alma:linux:gnome-software", "p-cpe:/a:alma:linux:gnome-software-devel", "p-cpe:/a:alma:linux:gsettings-desktop-schemas", "p-cpe:/a:alma:linux:gsettings-desktop-schemas-devel", "p-cpe:/a:alma:linux:gtk-update-icon-cache", "p-cpe:/a:alma:linux:gtk3", "p-cpe:/a:alma:linux:gtk3-devel", "p-cpe:/a:alma:linux:gtk3-immodule-xim", "p-cpe:/a:alma:linux:mutter", "p-cpe:/a:alma:linux:mutter-devel", "p-cpe:/a:alma:linux:vino", "p-cpe:/a:alma:linux:webkit2gtk3", "p-cpe:/a:alma:linux:webkit2gtk3-devel", "p-cpe:/a:alma:linux:webkit2gtk3-jsc", "p-cpe:/a:alma:linux:webkit2gtk3-jsc-devel", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4381.NASL", "href": "https://www.tenable.com/plugins/nessus/157596", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4381.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157596);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-13558\",\n \"CVE-2020-24870\",\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2020-36241\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\",\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-21806\",\n \"CVE-2021-28650\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30682\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"ALSA\", value:\"2021:4381\");\n script_xref(name:\"IAVA\", value:\"2021-A-0505-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0126-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0251-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0212-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0349-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"AlmaLinux 8 : GNOME (ALSA-2021:4381)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:4381 advisory.\n\n - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit\n WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. (CVE-2020-13558)\n\n - Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.\n (CVE-2020-24870)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes\n 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.\n (CVE-2020-27918)\n\n - Clear History and Website Data did not clear the history. The issue was addressed with improved data\n deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update\n 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing\n history. (CVE-2020-29623)\n\n - autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other\n software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent\n is a symlink to a directory outside of the intended extraction location. (CVE-2020-36241)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content\n may violate iframe sandboxing policy. (CVE-2021-1765)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1788)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4\n and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code\n execution. (CVE-2021-1789)\n\n - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big\n Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS\n 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on\n arbitrary servers. (CVE-2021-1799)\n\n - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur\n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4\n and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)\n\n - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and\n iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.\n Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,\n Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote\n attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially\n crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim\n needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other\n software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent\n is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for\n CVE-2020-36241. (CVE-2021-28650)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak\n sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4381.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:accountsservice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:accountsservice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:accountsservice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-autoar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-calculator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-classic-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-control-center\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-control-center-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-online-accounts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-online-accounts-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-session-kiosk-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-session-wayland-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-session-xsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-apps-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-auto-move-windows\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-dash-to-dock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-disable-screenshield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-drive-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-gesture-inhibitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-horizontal-workspaces\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-launch-new-instance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-native-window-placement\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-no-hot-corner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-panel-favorites\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-places-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-screenshot-window-sizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-systemMonitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-top-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-updates-dialog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-user-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-window-grouper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-window-list\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-windowsNavigator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-shell-extension-workspace-indicator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-software\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gnome-software-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gsettings-desktop-schemas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gsettings-desktop-schemas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk-update-icon-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:gtk3-immodule-xim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:vino\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gdm-40.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-40.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-classic-session-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-filesystem-3.28.2-28.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-apps-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-auto-move-windows-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-common-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-dash-to-dock-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-desktop-icons-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-disable-screenshield-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-drive-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-launch-new-instance-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-native-window-placement-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-no-hot-corner-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-panel-favorites-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-places-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-systemMonitor-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-top-icons-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-updates-dialog-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-user-theme-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-grouper-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-list-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-windowsNavigator-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-workspace-indicator-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw / LibRaw-devel / accountsservice / accountsservice-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-18T15:58:20", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4381 advisory.\n\n - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)\n\n - LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918, CVE-2021-1788, CVE-2021-30795)\n\n - webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)\n\n - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete fix) (CVE-2020-36241)\n\n - webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765, CVE-2021-1801)\n\n - webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)\n\n - webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)\n\n - webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870, CVE-2021-1871)\n\n - webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)\n\n - webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)\n\n - webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)\n\n - gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)\n\n - webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)\n\n - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)\n\n - webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)\n\n - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)\n\n - webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)\n\n - webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734, CVE-2021-30749, CVE-2021-30799)\n\n - webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)\n\n - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)\n\n - webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : GNOME (CESA-2021:4381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13558", "CVE-2020-24870", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-36241", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-28650", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:libraw", "p-cpe:/a:centos:centos:libraw-devel", "p-cpe:/a:centos:centos:accountsservice", "p-cpe:/a:centos:centos:accountsservice-devel", "p-cpe:/a:centos:centos:accountsservice-libs", "p-cpe:/a:centos:centos:gnome-autoar", "p-cpe:/a:centos:centos:gnome-calculator", "p-cpe:/a:centos:centos:gnome-classic-session", "p-cpe:/a:centos:centos:gnome-control-center", "p-cpe:/a:centos:centos:gnome-control-center-filesystem", "p-cpe:/a:centos:centos:gnome-online-accounts", "p-cpe:/a:centos:centos:gnome-online-accounts-devel", "p-cpe:/a:centos:centos:gnome-session", "p-cpe:/a:centos:centos:gnome-session-kiosk-session", "p-cpe:/a:centos:centos:gnome-session-wayland-session", "p-cpe:/a:centos:centos:gnome-session-xsession", "p-cpe:/a:centos:centos:gnome-settings-daemon", "p-cpe:/a:centos:centos:gnome-shell", "p-cpe:/a:centos:centos:gnome-shell-extension-apps-menu", "p-cpe:/a:centos:centos:gnome-shell-extension-auto-move-windows", "p-cpe:/a:centos:centos:gnome-shell-extension-common", "p-cpe:/a:centos:centos:gnome-shell-extension-dash-to-dock", "p-cpe:/a:centos:centos:gnome-shell-extension-desktop-icons", "p-cpe:/a:centos:centos:gnome-shell-extension-disable-screenshield", "p-cpe:/a:centos:centos:gnome-shell-extension-drive-menu", "p-cpe:/a:centos:centos:gnome-shell-extension-gesture-inhibitor", "p-cpe:/a:centos:centos:gnome-shell-extension-horizontal-workspaces", "p-cpe:/a:centos:centos:gnome-shell-extension-launch-new-instance", "p-cpe:/a:centos:centos:gnome-shell-extension-native-window-placement", "p-cpe:/a:centos:centos:gnome-shell-extension-no-hot-corner", "p-cpe:/a:centos:centos:gnome-shell-extension-panel-favorites", "p-cpe:/a:centos:centos:gnome-shell-extension-places-menu", "p-cpe:/a:centos:centos:gnome-shell-extension-screenshot-window-sizer", "p-cpe:/a:centos:centos:gnome-shell-extension-systemmonitor", "p-cpe:/a:centos:centos:gnome-shell-extension-top-icons", "p-cpe:/a:centos:centos:gnome-shell-extension-updates-dialog", "p-cpe:/a:centos:centos:gnome-shell-extension-user-theme", "p-cpe:/a:centos:centos:gnome-shell-extension-window-grouper", "p-cpe:/a:centos:centos:gnome-shell-extension-window-list", "p-cpe:/a:centos:centos:gnome-shell-extension-windowsnavigator", "p-cpe:/a:centos:centos:gnome-shell-extension-workspace-indicator", "p-cpe:/a:centos:centos:gnome-software", "p-cpe:/a:centos:centos:gnome-software-devel", "p-cpe:/a:centos:centos:gsettings-desktop-schemas", "p-cpe:/a:centos:centos:gsettings-desktop-schemas-devel", "p-cpe:/a:centos:centos:gtk-update-icon-cache", "p-cpe:/a:centos:centos:gtk3", "p-cpe:/a:centos:centos:gtk3-devel", "p-cpe:/a:centos:centos:gtk3-immodule-xim", "p-cpe:/a:centos:centos:mutter", "p-cpe:/a:centos:centos:mutter-devel", "p-cpe:/a:centos:centos:vino"], "id": "CENTOS8_RHSA-2021-4381.NASL", "href": "https://www.tenable.com/plugins/nessus/155097", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4381. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155097);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-13558\",\n \"CVE-2020-24870\",\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2020-36241\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\",\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-21806\",\n \"CVE-2021-28650\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30682\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4381\");\n script_xref(name:\"IAVA\", value:\"2021-A-0505-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0126-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0251-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0212-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0349-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"CentOS 8 : GNOME (CESA-2021:4381)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4381 advisory.\n\n - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution\n (CVE-2020-13558)\n\n - LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)\n\n - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918, CVE-2021-1788,\n CVE-2021-30795)\n\n - webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)\n\n - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the\n destination directory (incomplete fix) (CVE-2020-36241)\n\n - webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765, CVE-2021-1801)\n\n - webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)\n\n - webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)\n\n - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)\n\n - webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870, CVE-2021-1871)\n\n - webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and\n possibly code execution (CVE-2021-21775)\n\n - webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code\n execution (CVE-2021-21779)\n\n - webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)\n\n - gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination\n directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)\n\n - webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)\n\n - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)\n\n - webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)\n\n - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)\n\n - webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)\n\n - webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734, CVE-2021-30749,\n CVE-2021-30799)\n\n - webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack\n (CVE-2021-30744)\n\n - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)\n\n - webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4381\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:accountsservice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:accountsservice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:accountsservice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-autoar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-calculator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-classic-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-control-center\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-control-center-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-online-accounts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-online-accounts-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-session-kiosk-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-session-wayland-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-session-xsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-apps-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-auto-move-windows\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-dash-to-dock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-disable-screenshield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-drive-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-gesture-inhibitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-horizontal-workspaces\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-launch-new-instance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-native-window-placement\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-no-hot-corner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-panel-favorites\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-places-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-screenshot-window-sizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-systemMonitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-top-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-updates-dialog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-user-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-window-grouper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-window-list\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-windowsNavigator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-shell-extension-workspace-indicator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-software\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnome-software-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gsettings-desktop-schemas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gsettings-desktop-schemas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gtk-update-icon-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gtk3-immodule-xim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:vino\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-classic-session-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-classic-session-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-filesystem-3.28.2-28.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-filesystem-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-apps-menu-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-apps-menu-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-auto-move-windows-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-auto-move-windows-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-common-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-common-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-dash-to-dock-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-dash-to-dock-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-desktop-icons-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-desktop-icons-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-disable-screenshield-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-disable-screenshield-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-drive-menu-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-drive-menu-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-launch-new-instance-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-launch-new-instance-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-native-window-placement-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-native-window-placement-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-no-hot-corner-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-no-hot-corner-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-panel-favorites-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-panel-favorites-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-places-menu-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-places-menu-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-systemMonitor-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-systemMonitor-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-top-icons-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-top-icons-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-updates-dialog-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-updates-dialog-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-user-theme-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-user-theme-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-grouper-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-grouper-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-list-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-list-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-windowsNavigator-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-windowsNavigator-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-workspace-indicator-3.32.1-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-workspace-indicator-3.32.1-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw / LibRaw-devel / accountsservice / accountsservice-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-10T16:17:15", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4381 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : GNOME (RLSA-2021:4381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13558", "CVE-2020-24870", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-36241", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-28650", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799"], "modified": "2023-11-08T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:gnome-shell-extension-window-list", "p-cpe:/a:rocky:linux:gnome-shell-extension-windowsnavigator", "p-cpe:/a:rocky:linux:gnome-shell-extension-workspace-indicator", "p-cpe:/a:rocky:linux:gnome-software", "p-cpe:/a:rocky:linux:gnome-software-debuginfo", "p-cpe:/a:rocky:linux:gnome-software-debugsource", "p-cpe:/a:rocky:linux:gnome-software-devel", "p-cpe:/a:rocky:linux:gsettings-desktop-schemas", "p-cpe:/a:rocky:linux:gsettings-desktop-schemas-devel", "p-cpe:/a:rocky:linux:gtk-update-icon-cache", "p-cpe:/a:rocky:linux:gtk-update-icon-cache-debuginfo", "p-cpe:/a:rocky:linux:gtk3", "p-cpe:/a:rocky:linux:gtk3-debuginfo", "p-cpe:/a:rocky:linux:gtk3-debugsource", "p-cpe:/a:rocky:linux:gtk3-devel", "p-cpe:/a:rocky:linux:gtk3-devel-debuginfo", "p-cpe:/a:rocky:linux:gtk3-immodule-xim", "p-cpe:/a:rocky:linux:gtk3-immodule-xim-debuginfo", "p-cpe:/a:rocky:linux:mutter", "p-cpe:/a:rocky:linux:mutter-debuginfo", "p-cpe:/a:rocky:linux:mutter-debugsource", "p-cpe:/a:rocky:linux:mutter-devel", "p-cpe:/a:rocky:linux:vino", "p-cpe:/a:rocky:linux:vino-debuginfo", "p-cpe:/a:rocky:linux:vino-debugsource", "p-cpe:/a:rocky:linux:webkit2gtk3", "p-cpe:/a:rocky:linux:webkit2gtk3-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-debugsource", "p-cpe:/a:rocky:linux:webkit2gtk3-devel", "p-cpe:/a:rocky:linux:webkit2gtk3-devel-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-debuginfo", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel", "p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel-debuginfo", "cpe:/o:rocky:linux:8", "p-cpe:/a:rocky:linux:accountsservice-debugsource", "p-cpe:/a:rocky:linux:accountsservice-devel", "p-cpe:/a:rocky:linux:accountsservice-libs", "p-cpe:/a:rocky:linux:accountsservice-libs-debuginfo", "p-cpe:/a:rocky:linux:gdm", "p-cpe:/a:rocky:linux:gdm-debuginfo", "p-cpe:/a:rocky:linux:gdm-debugsource", "p-cpe:/a:rocky:linux:gnome-autoar", "p-cpe:/a:rocky:linux:gnome-autoar-debuginfo", "p-cpe:/a:rocky:linux:gnome-autoar-debugsource", "p-cpe:/a:rocky:linux:gnome-calculator", "p-cpe:/a:rocky:linux:gnome-calculator-debuginfo", "p-cpe:/a:rocky:linux:gnome-calculator-debugsource", "p-cpe:/a:rocky:linux:gnome-classic-session", "p-cpe:/a:rocky:linux:gnome-control-center", "p-cpe:/a:rocky:linux:gnome-control-center-debuginfo", "p-cpe:/a:rocky:linux:gnome-control-center-debugsource", "p-cpe:/a:rocky:linux:gnome-control-center-filesystem", "p-cpe:/a:rocky:linux:gnome-online-accounts", "p-cpe:/a:rocky:linux:gnome-online-accounts-debuginfo", "p-cpe:/a:rocky:linux:gnome-online-accounts-debugsource", "p-cpe:/a:rocky:linux:gnome-online-accounts-devel", "p-cpe:/a:rocky:linux:gnome-session", "p-cpe:/a:rocky:linux:gnome-session-debuginfo", "p-cpe:/a:rocky:linux:gnome-session-debugsource", "p-cpe:/a:rocky:linux:gnome-session-kiosk-session", "p-cpe:/a:rocky:linux:gnome-session-wayland-session", "p-cpe:/a:rocky:linux:gnome-session-xsession", "p-cpe:/a:rocky:linux:gnome-settings-daemon", "p-cpe:/a:rocky:linux:gnome-settings-daemon-debuginfo", "p-cpe:/a:rocky:linux:gnome-settings-daemon-debugsource", "p-cpe:/a:rocky:linux:gnome-shell", "p-cpe:/a:rocky:linux:gnome-shell-debuginfo", "p-cpe:/a:rocky:linux:gnome-shell-debugsource", "p-cpe:/a:rocky:linux:gnome-shell-extension-apps-menu", "p-cpe:/a:rocky:linux:gnome-shell-extension-auto-move-windows", "p-cpe:/a:rocky:linux:gnome-shell-extension-common", "p-cpe:/a:rocky:linux:gnome-shell-extension-dash-to-dock", "p-cpe:/a:rocky:linux:gnome-shell-extension-desktop-icons", "p-cpe:/a:rocky:linux:gnome-shell-extension-disable-screenshield", "p-cpe:/a:rocky:linux:gnome-shell-extension-drive-menu", "p-cpe:/a:rocky:linux:gnome-shell-extension-gesture-inhibitor", "p-cpe:/a:rocky:linux:gnome-shell-extension-horizontal-workspaces", "p-cpe:/a:rocky:linux:gnome-shell-extension-launch-new-instance", "p-cpe:/a:rocky:linux:gnome-shell-extension-native-window-placement", "p-cpe:/a:rocky:linux:gnome-shell-extension-no-hot-corner", "p-cpe:/a:rocky:linux:gnome-shell-extension-panel-favorites", "p-cpe:/a:rocky:linux:gnome-shell-extension-places-menu", "p-cpe:/a:rocky:linux:gnome-shell-extension-screenshot-window-sizer", "p-cpe:/a:rocky:linux:gnome-shell-extension-systemmonitor", "p-cpe:/a:rocky:linux:gnome-shell-extension-top-icons", "p-cpe:/a:rocky:linux:gnome-shell-extension-updates-dialog", "p-cpe:/a:rocky:linux:gnome-shell-extension-user-theme", "p-cpe:/a:rocky:linux:gnome-shell-extension-window-grouper", "p-cpe:/a:rocky:linux:libraw", "p-cpe:/a:rocky:linux:libraw-debuginfo", "p-cpe:/a:rocky:linux:libraw-debugsource", "p-cpe:/a:rocky:linux:libraw-devel", "p-cpe:/a:rocky:linux:accountsservice", "p-cpe:/a:rocky:linux:accountsservice-debuginfo"], "id": "ROCKY_LINUX_RLSA-2021-4381.NASL", "href": "https://www.tenable.com/plugins/nessus/157823", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:4381.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157823);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/08\");\n\n script_cve_id(\n \"CVE-2020-13558\",\n \"CVE-2020-24870\",\n \"CVE-2020-27918\",\n \"CVE-2020-29623\",\n \"CVE-2020-36241\",\n \"CVE-2021-1765\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1844\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\",\n \"CVE-2021-21775\",\n \"CVE-2021-21779\",\n \"CVE-2021-21806\",\n \"CVE-2021-28650\",\n \"CVE-2021-30663\",\n \"CVE-2021-30665\",\n \"CVE-2021-30682\",\n \"CVE-2021-30689\",\n \"CVE-2021-30720\",\n \"CVE-2021-30734\",\n \"CVE-2021-30744\",\n \"CVE-2021-30749\",\n \"CVE-2021-30758\",\n \"CVE-2021-30795\",\n \"CVE-2021-30797\",\n \"CVE-2021-30799\"\n );\n script_xref(name:\"RLSA\", value:\"2021:4381\");\n script_xref(name:\"IAVA\", value:\"2021-A-0251-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0212-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0349-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"Rocky Linux 8 : GNOME (RLSA-2021:4381)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2021:4381 advisory.\n\n - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of\n Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further\n memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a\n malicious webpage. (CVE-2021-21775)\n\n - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in\n WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory\n corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.\n (CVE-2021-21779)\n\n - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially\n crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim\n needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\n\n - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and\n iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted\n web content may lead to arbitrary code execution. (CVE-2021-30663)\n\n - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS\n 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously\n crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may\n have been actively exploited.. (CVE-2021-30665)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak\n sensitive user information. (CVE-2021-30682)\n\n - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content\n may lead to universal cross site scripting. (CVE-2021-30689)\n\n - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and\n iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access\n restricted ports on arbitrary servers. (CVE-2021-30720)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in\n tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)\n\n - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security\n origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,\n watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.\n (CVE-2021-30744)\n\n - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari\n 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to\n arbitrary code execution. (CVE-2021-30758)\n\n - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,\n Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may\n lead to arbitrary code execution. (CVE-2021-30795)\n\n - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big\n Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.\n (CVE-2021-30797)\n\n - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS\n 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing\n maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:4381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1651378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1770302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1791478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1813727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1854679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1873297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1873488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1888404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1894613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1897932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1904139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1905000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1909300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1914925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1924725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1925640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1928794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1928886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1935261\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1937416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1937866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1938937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1940026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1944867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1949176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1951086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1952136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1955754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1957705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1960705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1962049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1971507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1971534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1972545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1978287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1978505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1978612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1980441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1980661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1981420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986892\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1986906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1987233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1989035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1998989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1999120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2004170\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30799\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-1871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:LibRaw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:LibRaw-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:LibRaw-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:LibRaw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:accountsservice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:accountsservice-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:accountsservice-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:accountsservice-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:accountsservice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:accountsservice-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gdm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gdm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-autoar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-autoar-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-autoar-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-calculator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-calculator-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-calculator-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-classic-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-control-center\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-control-center-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-control-center-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-control-center-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-online-accounts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-online-accounts-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-online-accounts-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-online-accounts-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-kiosk-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-wayland-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-session-xsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-settings-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-settings-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-settings-daemon-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-apps-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-auto-move-windows\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-dash-to-dock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-disable-screenshield\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-drive-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-gesture-inhibitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-horizontal-workspaces\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-launch-new-instance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-native-window-placement\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-no-hot-corner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-panel-favorites\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-places-menu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-screenshot-window-sizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-systemMonitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-top-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-updates-dialog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-user-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-window-grouper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-window-list\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-windowsNavigator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-shell-extension-workspace-indicator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-software\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-software-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-software-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gnome-software-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gsettings-desktop-schemas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gsettings-desktop-schemas-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk-update-icon-cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk-update-icon-cache-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-immodule-xim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:gtk3-immodule-xim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mutter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mutter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mutter-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mutter-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vino\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vino-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:vino-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:webkit2gtk3-jsc-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-debuginfo-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-debuginfo-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-debuginfo-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-debugsource-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-debugsource-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-devel-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-debuginfo-0.6.55-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-debuginfo-0.6.55-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'accountsservice-libs-debuginfo-0.6.55-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gdm-40.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-40.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-40.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-debuginfo-40.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-debuginfo-40.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-debuginfo-40.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-debugsource-40.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-debugsource-40.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gdm-debugsource-40.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-0.2.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-debuginfo-0.2.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-debuginfo-0.2.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-debuginfo-0.2.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-debugsource-0.2.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-debugsource-0.2.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-autoar-debugsource-0.2.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-debuginfo-3.28.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-debuginfo-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-debugsource-3.28.2-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-calculator-debugsource-3.28.2-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-classic-session-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-debuginfo-3.28.2-28.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-debuginfo-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-debugsource-3.28.2-28.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-debugsource-3.28.2-28.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-control-center-filesystem-3.28.2-28.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-debuginfo-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-debuginfo-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-debuginfo-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-debugsource-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-debugsource-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-debugsource-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-online-accounts-devel-3.28.2-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-debuginfo-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-debuginfo-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-debugsource-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-debugsource-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-kiosk-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-wayland-session-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-session-xsession-3.28.1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8_6.1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-3.32.0-16.el8_6.1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debuginfo-3.32.0-16.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debuginfo-3.32.0-16.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debuginfo-3.32.0-16.el8_6.1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debuginfo-3.32.0-16.el8_6.1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debugsource-3.32.0-16.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debugsource-3.32.0-16.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debugsource-3.32.0-16.el8_6.1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-settings-daemon-debugsource-3.32.0-16.el8_6.1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-3.32.2-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-debuginfo-3.32.2-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-debuginfo-3.32.2-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-debugsource-3.32.2-40.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-debugsource-3.32.2-40.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-apps-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-auto-move-windows-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-common-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-dash-to-dock-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-desktop-icons-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-disable-screenshield-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-drive-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-launch-new-instance-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-native-window-placement-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-no-hot-corner-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-panel-favorites-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-places-menu-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-systemMonitor-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-top-icons-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-updates-dialog-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-user-theme-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-grouper-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-window-list-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-windowsNavigator-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-shell-extension-workspace-indicator-3.32.1-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-debuginfo-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-debuginfo-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-debuginfo-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-debugsource-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-debugsource-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-debugsource-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gnome-software-devel-3.36.1-10.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gsettings-desktop-schemas-devel-3.32.0-6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-debuginfo-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk-update-icon-cache-debuginfo-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debuginfo-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debuginfo-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debuginfo-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debugsource-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debugsource-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-debugsource-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-debuginfo-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-debuginfo-3.22.30-8.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-devel-debuginfo-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-debuginfo-3.22.30-8.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gtk3-immodule-xim-debuginfo-3.22.30-8.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-debuginfo-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-debuginfo-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-debugsource-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-debugsource-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'LibRaw-devel-0.19.5-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-debuginfo-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-debuginfo-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-debuginfo-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-debugsource-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-debugsource-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-debugsource-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mutter-devel-3.32.2-60.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-3.22.0-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-debuginfo-3.22.0-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-debuginfo-3.22.0-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-debugsource-3.22.0-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vino-debugsource-3.22.0-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debuginfo-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-debugsource-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-devel-debuginfo-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-debuginfo-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'LibRaw / LibRaw-debuginfo / LibRaw-debugsource / LibRaw-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:39", "description": "This Solaris system is missing necessary patches to address a critical security update :\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption (OpenSSL)). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2021-23841)", "cvss3": {}, "published": "2021-07-21T00:00:00", "type": "nessus", "title": "Oracle Solaris Critical Patch Update : jul2021_SRU11_3_36_26_0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23841"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.3"], "id": "SOLARIS_JUL2021_SRU11_3_36_26_0.NASL", "href": "https://www.tenable.com/plugins/nessus/151922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle CPU for jul2021.\n#\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(151922);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Solaris Critical Patch Update : jul2021_SRU11_3_36_26_0\");\n script_summary(english:\"Check for the jul2021 CPU\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Solaris system is missing a security patch from CPU\njul2021.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This Solaris system is missing necessary patches to address a critical\nsecurity update :\n\n - Vulnerability in the MySQL Server product of Oracle\n MySQL (component: Server: Security: Encryption\n (OpenSSL)). Supported versions that are affected are\n 5.7.33 and prior and 8.0.23 and prior. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via multiple protocols to\n compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to\n cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 7.5\n (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2021-23841)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2788472.1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/a/tech/docs/cpujul2021cvrf.xml\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/security-alerts/cpujul2021.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Install the jul2021 CPU from the Oracle support website.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\n\n\nfix_release = \"0.5.11-0.175.3.36.0.26.0\";\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.3.36.0.26.0\", sru:\"11.3.36.26.0\") > 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report2());\n else security_warning(0);\n exit(0);\n}\naudit(AUDIT_OS_RELEASE_NOT, \"Solaris\", fix_release, release);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-26T15:39:10", "description": "The version of Apple iOS running on the mobile device is prior to 14.5.1. It is, therefore, affected by multiple vulnerabilities.\n\n - Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved state management. (CVE-2021-30665)\n\n - Processing maliciously crafted web content may lead to arbitrary code execution. An integer overflow was addressed with improved input validation. (CVE-2021-30663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2021-05-07T00:00:00", "type": "nessus", "title": "Apple iOS < 14.5.1 Multiple Vulnerabilities (HT212336)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30663", "CVE-2021-30665"], "modified": "2023-09-25T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_1451_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/149353", "sourceData": "Binary data apple_ios_1451_check.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:23", "description": "The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.3.1 Big Sur. It is, therefore, affected by multiple vulnerabilities including the following:\n\n - An integer overflow was addressed with improved input validation (CVE-2021-30663).\n\n - A memory corruption issue was addressed with improved state management (CVE-2021-30666).\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2021-05-07T00:00:00", "type": "nessus", "title": "macOS 11.x < 11.3.1 Multiple Vulnerabilities (HT212335)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30663", "CVE-2021-30666"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT212335.NASL", "href": "https://www.tenable.com/plugins/nessus/149333", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149333);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\"CVE-2021-30663\");\n script_xref(name:\"APPLE-SA\", value:\"HT212335\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2021-05-03-4\");\n script_xref(name:\"IAVA\", value:\"2021-A-0212-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"macOS 11.x < 11.3.1 Multiple Vulnerabilities (HT212335)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 11.x prior to 11.3.1 Big Sur. It is, therefore,\naffected by multiple vulnerabilities including the following:\n\n - An integer overflow was addressed with improved input validation (CVE-2021-30663).\n\n - A memory corruption issue was addressed with improved state management (CVE-2021-30666).\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT212335\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 11.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [{ 'min_version' : '11.0', 'fixed_version' : '11.3.1', 'fixed_display' : 'macOS Big Sur 11.3.1' }];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info, \n constraints:constraints, \n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-02T15:07:58", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities:\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23841)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2022-0017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2023-11-01T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:openssl", "p-cpe:/a:zte:cgsl_core:openssl-crypto", "p-cpe:/a:zte:cgsl_core:openssl-debuginfo", "p-cpe:/a:zte:cgsl_core:openssl-devel", "p-cpe:/a:zte:cgsl_core:openssl-libs", "p-cpe:/a:zte:cgsl_core:openssl-perl", "p-cpe:/a:zte:cgsl_core:openssl-static", "p-cpe:/a:zte:cgsl_main:openssl", "p-cpe:/a:zte:cgsl_main:openssl-debuginfo", "p-cpe:/a:zte:cgsl_main:openssl-devel", "p-cpe:/a:zte:cgsl_main:openssl-libs", "p-cpe:/a:zte:cgsl_main:openssl-perl", "p-cpe:/a:zte:cgsl_main:openssl-static", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2022-0017_OPENSSL.NASL", "href": "https://www.tenable.com/plugins/nessus/160849", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0017. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160849);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/01\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"IAVA\", value:\"2021-A-0103-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0038\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0480\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193-S\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2022-0017)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected\nby multiple vulnerabilities:\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument\n in some cases where the input length is close to the maximum permissable length for an integer on the\n platform. In such cases the return value from the function call will be 1 (indicating success), but the\n output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to\n OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out\n of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should\n upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based\n on the issuer and serial number data contained within an X509 certificate. However it fails to correctly\n handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is\n maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a\n potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by\n OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on\n certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are\n affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x\n and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving\n public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should\n upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected\n 1.0.2-1.0.2x). (CVE-2021-23841)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0017\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-23840\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-23841\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL openssl packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:openssl-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.04': [\n 'openssl-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite',\n 'openssl-crypto-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite',\n 'openssl-debuginfo-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite',\n 'openssl-devel-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite',\n 'openssl-libs-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite',\n 'openssl-perl-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite',\n 'openssl-static-1.0.2k-22.el7_9.cgslv5.0.2.gbadae36.lite'\n ],\n 'CGSL MAIN 5.04': [\n 'openssl-1.0.2k-22.el7_9.cgslv5.0.1.g5d3de26',\n 'openssl-debuginfo-1.0.2k-22.el7_9.cgslv5.0.1.g5d3de26',\n 'openssl-devel-1.0.2k-22.el7_9.cgslv5.0.1.g5d3de26',\n 'openssl-libs-1.0.2k-22.el7_9.cgslv5.0.1.g5d3de26',\n 'openssl-perl-1.0.2k-22.el7_9.cgslv5.0.1.g5d3de26',\n 'openssl-static-1.0.2k-22.el7_9.cgslv5.0.1.g5d3de26'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:36", "description": "According to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.(CVE-2021-23841)\n\n - Calls to EVP_CipherUpdate,EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success),but the output length value will be negative. This could cause applications to behave incorrectly or crash.(CVE-2021-23840)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : openssl (EulerOS-SA-2021-2005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-devel", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2021-2005.NASL", "href": "https://www.tenable.com/plugins/nessus/151175", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151175);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : openssl (EulerOS-SA-2021-2005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The OpenSSL public API function\n X509_issuer_and_serial_hash() attempts to create a\n unique hash value based on the issuer and serial number\n data contained within an X509 certificate. However it\n fails to correctly handle any errors that may occur\n while parsing the issuer field (which might occur if\n the issuer field is maliciously constructed). This may\n subsequently result in a NULL pointer deref and a crash\n leading to a potential denial of service attack. The\n function X509_issuer_and_serial_hash() is never\n directly called by OpenSSL itself so applications are\n only vulnerable if they use this function directly and\n they use it on certificates that may have been obtained\n from untrusted sources.(CVE-2021-23841)\n\n - Calls to EVP_CipherUpdate,EVP_EncryptUpdate and\n EVP_DecryptUpdate may overflow the output length\n argument in some cases where the input length is close\n to the maximum permissable length for an integer on the\n platform. In such cases the return value from the\n function call will be 1 (indicating success),but the\n output length value will be negative. This could cause\n applications to behave incorrectly or\n crash.(CVE-2021-23840)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2005\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?93e60598\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.1.1-3.h14.eulerosv2r8\",\n \"openssl-devel-1.1.1-3.h14.eulerosv2r8\",\n \"openssl-libs-1.1.1-3.h14.eulerosv2r8\",\n \"openssl-perl-1.1.1-3.h14.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:57", "description": "According to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue.\n However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).(CVE-2021-23841)\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue.\n Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y.\n Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).(CVE-2021-23840)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-02T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : openssl (EulerOS-SA-2021-2091)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-devel", "p-cpe:/a:huawei:euleros:openssl-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-2091.NASL", "href": "https://www.tenable.com/plugins/nessus/151312", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151312);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : openssl (EulerOS-SA-2021-2091)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The OpenSSL public API function\n X509_issuer_and_serial_hash() attempts to create a\n unique hash value based on the issuer and serial number\n data contained within an X509 certificate. However it\n fails to correctly handle any errors that may occur\n while parsing the issuer field (which might occur if\n the issuer field is maliciously constructed). This may\n subsequently result in a NULL pointer deref and a crash\n leading to a potential denial of service attack. The\n function X509_issuer_and_serial_hash() is never\n directly called by OpenSSL itself so applications are\n only vulnerable if they use this function directly and\n they use it on certificates that may have been obtained\n from untrusted sources. OpenSSL versions 1.1.1i and\n below are affected by this issue. Users of these\n versions should upgrade to OpenSSL 1.1.1j. OpenSSL\n versions 1.0.2x and below are affected by this issue.\n However OpenSSL 1.0.2 is out of support and no longer\n receiving public updates. Premium support customers of\n OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users\n should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j\n (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y\n (Affected 1.0.2-1.0.2x).(CVE-2021-23841)\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and\n EVP_DecryptUpdate may overflow the output length\n argument in some cases where the input length is close\n to the maximum permissable length for an integer on the\n platform. In such cases the return value from the\n function call will be 1 (indicating success), but the\n output length value will be negative. This could cause\n applications to behave incorrectly or crash. OpenSSL\n versions 1.1.1i and below are affected by this issue.\n Users of these versions should upgrade to OpenSSL\n 1.1.1j. OpenSSL versions 1.0.2x and below are affected\n by this issue. However OpenSSL 1.0.2 is out of support\n and no longer receiving public updates. Premium support\n customers of OpenSSL 1.0.2 should upgrade to 1.0.2y.\n Other users should upgrade to 1.1.1j. Fixed in OpenSSL\n 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y\n (Affected 1.0.2-1.0.2x).(CVE-2021-23840)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2091\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4c9ff97a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.0.2k-16.h13\",\n \"openssl-devel-1.0.2k-16.h13\",\n \"openssl-libs-1.0.2k-16.h13\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:53", "description": "According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.(CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.(CVE-2021-23841)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2021-1826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl098e", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1826.NASL", "href": "https://www.tenable.com/plugins/nessus/149168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149168);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2021-1826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl098e package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and\n EVP_DecryptUpdate may overflow the output length\n argument in some cases where the input length is close\n to the maximum permissable length for an integer on the\n platform. In such cases the return value from the\n function call will be 1 (indicating success), but the\n output length value will be negative. This could cause\n applications to behave incorrectly or\n crash.(CVE-2021-23840)\n\n - The OpenSSL public API function\n X509_issuer_and_serial_hash() attempts to create a\n unique hash value based on the issuer and serial number\n data contained within an X509 certificate. However it\n fails to correctly handle any errors that may occur\n while parsing the issuer field (which might occur if\n the issuer field is maliciously constructed). This may\n subsequently result in a NULL pointer deref and a crash\n leading to a potential denial of service attack. The\n function X509_issuer_and_serial_hash() is never\n directly called by OpenSSL itself so applications are\n only vulnerable if they use this function directly and\n they use it on certificates that may have been obtained\n from untrusted sources.(CVE-2021-23841)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1826\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6591571\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl098e packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl098e-0.9.8e-29.3.h10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:05:46", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3798 advisory.\n\n - openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n - openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "RHEL 7 : openssl (RHSA-2021:3798)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2023-10-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-perl", "p-cpe:/a:redhat:enterprise_linux:openssl-static"], "id": "REDHAT-RHSA-2021-3798.NASL", "href": "https://www.tenable.com/plugins/nessus/165140", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:3798. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165140);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/11\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"RHSA\", value:\"2021:3798\");\n script_xref(name:\"IAVA\", value:\"2021-A-0103-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 7 : openssl (RHSA-2021:3798)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:3798 advisory.\n\n - openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n - openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:3798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930324\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(190, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'openssl-1.0.2k-22.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-1.0.2k-22.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-1.0.2k-22.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-1.0.2k-22.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.0.2k-22.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.0.2k-22.el7_9', 'cpu':'ppc', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.0.2k-22.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.0.2k-22.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.0.2k-22.el7_9', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.0.2k-22.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.0.2k-22.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.0.2k-22.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.0.2k-22.el7_9', 'cpu':'ppc', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.0.2k-22.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.0.2k-22.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.0.2k-22.el7_9', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.0.2k-22.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.0.2k-22.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.0.2k-22.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.0.2k-22.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.0.2k-22.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.0.2k-22.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-static-1.0.2k-22.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-static-1.0.2k-22.el7_9', 'cpu':'ppc', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-static-1.0.2k-22.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-static-1.0.2k-22.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-static-1.0.2k-22.el7_9', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-static-1.0.2k-22.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-static-1.0.2k-22.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / openssl-perl / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:34", "description": "This update for openssl-1_0_0 fixes the following issues :\n\nCVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)\n\nCVE-2021-23841: Fixed a NULL pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2021:0725-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-1_0_0-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-1_0_0-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0725-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147511", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0725-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147511);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2021:0725-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for openssl-1_0_0 fixes the following issues :\n\nCVE-2021-23840: Fixed an Integer overflow in CipherUpdate\n(bsc#1182333)\n\nCVE-2021-23841: Fixed a NULL pointer dereference in\nX509_issuer_and_serial_hash() (bsc#1182331)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23840/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23841/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210725-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?686d11b0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-725=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-725=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-725=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-725=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-725=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-725=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_0_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_0_0-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libopenssl-1_0_0-devel-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libopenssl1_0_0-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libopenssl1_0_0-32bit-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libopenssl1_0_0-debuginfo-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libopenssl1_0_0-hmac-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"openssl-1_0_0-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"openssl-1_0_0-debuginfo-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"openssl-1_0_0-debugsource-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libopenssl-1_0_0-devel-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libopenssl1_0_0-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libopenssl1_0_0-32bit-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libopenssl1_0_0-debuginfo-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libopenssl1_0_0-hmac-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"openssl-1_0_0-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"openssl-1_0_0-debuginfo-1.0.2p-3.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"openssl-1_0_0-debugsource-1.0.2p-3.36.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl-1_0_0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:50", "description": "This update for openssl-1_1 fixes the following issues :\n\nCVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)\n\nCVE-2021-23841: Fixed a NULL pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2021:0753-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_1", "p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0753-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147571", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0753-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147571);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2021:0753-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for openssl-1_1 fixes the following issues :\n\nCVE-2021-23840: Fixed an Integer overflow in CipherUpdate\n(bsc#1182333)\n\nCVE-2021-23841: Fixed a NULL pointer dereference in\nX509_issuer_and_serial_hash() (bsc#1182331)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23840/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23841/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210753-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?12d34e0d\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Server 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-753=1\n\nSUSE Manager Retail Branch Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-753=1\n\nSUSE Manager Proxy 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-753=1\n\nSUSE Linux Enterprise Server for SAP 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-753=1\n\nSUSE Linux Enterprise Server 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-753=1\n\nSUSE Linux Enterprise Server 15-SP1-BCL :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-753=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-753=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-753=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2021-753=1\n\nSUSE CaaS Platform 4.0 :\n\nTo install this update, use the SUSE CaaS Platform 'skuba' tool. I\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl-1_1-devel-32bit-1.1.0i-14.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.0i-14.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.0i-14.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.0i-14.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libopenssl-1_1-devel-1.1.0i-14.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libopenssl1_1-1.1.0i-14.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libopenssl1_1-debuginfo-1.1.0i-14.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libopenssl1_1-hmac-1.1.0i-14.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openssl-1_1-1.1.0i-14.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openssl-1_1-debuginfo-1.1.0i-14.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openssl-1_1-debugsource-1.1.0i-14.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl-1_1\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:28:03", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4424 advisory.\n\n - openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n - openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : openssl (RHSA-2021:4424)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2023-11-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:openssl", "p-cpe:/a:redhat:enterprise_linux:openssl-devel", "p-cpe:/a:redhat:enterprise_linux:openssl-libs", "p-cpe:/a:redhat:enterprise_linux:openssl-perl"], "id": "REDHAT-RHSA-2021-4424.NASL", "href": "https://www.tenable.com/plugins/nessus/155214", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4424. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155214);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/24\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0103-S\");\n script_xref(name:\"RHSA\", value:\"2021:4424\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193-S\");\n\n script_name(english:\"RHEL 8 : openssl (RHSA-2021:4424)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4424 advisory.\n\n - openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n - openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930324\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(190, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'openssl-1.1.1k-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1k-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1k-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.1.1k-4.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'openssl-1.1.1k-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1k-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1k-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.1.1k-4.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / openssl-perl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:19:32", "description": "According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.(CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.(CVE-2021-23841)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : openssl (EulerOS-SA-2021-2416)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2023-11-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-devel", "p-cpe:/a:huawei:euleros:openssl-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2416.NASL", "href": "https://www.tenable.com/plugins/nessus/153288", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153288);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/30\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS 2.0 SP2 : openssl (EulerOS-SA-2021-2416)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and\n EVP_DecryptUpdate may overflow the output length\n argument in some cases where the input length is close\n to the maximum permissable length for an integer on the\n platform. In such cases the return value from the\n function call will be 1 (indicating success), but the\n output length value will be negative. This could cause\n applications to behave incorrectly or\n crash.(CVE-2021-23840)\n\n - The OpenSSL public API function\n X509_issuer_and_serial_hash() attempts to create a\n unique hash value based on the issuer and serial number\n data contained within an X509 certificate. However it\n fails to correctly handle any errors that may occur\n while parsing the issuer field (which might occur if\n the issuer field is maliciously constructed). This may\n subsequently result in a NULL pointer deref and a crash\n leading to a potential denial of service attack. The\n function X509_issuer_and_serial_hash() is never\n directly called by OpenSSL itself so applications are\n only vulnerable if they use this function directly and\n they use it on certificates that may have been obtained\n from untrusted sources.(CVE-2021-23841)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2416\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?058dac8e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.0.2k-16.h14\",\n \"openssl-devel-1.0.2k-16.h14\",\n \"openssl-libs-1.0.2k-16.h14\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:27", "description": "It was discovered that there were two issues in the openssl cryptographic system :\n\n - CVE-2021-23840: Prevent an issue where 'Digital EnVeloPe' EVP-related calls could cause applications to behave incorrectly or even crash.\n\n - CVE-2021-23841: Prevent an issue in the X509 certificate parsing caused by the lack of error handling while ingesting the 'issuer' field.\n\nFor Debian 9 'Stretch', these problems have been fixed in version 1.1.0l-1~deb9u3.\n\nWe recommend that you upgrade your openssl packages.\n\nFor the detailed security status of openssl please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-19T00:00:00", "type": "nessus", "title": "Debian DLA-2563-1 : openssl security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcrypto1.1-udeb", "p-cpe:/a:debian:debian_linux:libssl-dev", "p-cpe:/a:debian:debian_linux:libssl-doc", "p-cpe:/a:debian:debian_linux:libssl1.1", "p-cpe:/a:debian:debian_linux:libssl1.1-udeb", "p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2563.NASL", "href": "https://www.tenable.com/plugins/nessus/146612", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2563-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146612);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Debian DLA-2563-1 : openssl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that there were two issues in the openssl\ncryptographic system :\n\n - CVE-2021-23840: Prevent an issue where 'Digital\n EnVeloPe' EVP-related calls could cause applications to\n behave incorrectly or even crash.\n\n - CVE-2021-23841: Prevent an issue in the X509 certificate\n parsing caused by the lack of error handling while\n ingesting the 'issuer' field.\n\nFor Debian 9 'Stretch', these problems have been fixed in version\n1.1.0l-1~deb9u3.\n\nWe recommend that you upgrade your openssl packages.\n\nFor the detailed security status of openssl please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/02/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openssl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto1.1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libcrypto1.1-udeb\", reference:\"1.1.0l-1~deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libssl-dev\", reference:\"1.1.0l-1~deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libssl-doc\", reference:\"1.1.0l-1~deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libssl1.1\", reference:\"1.1.0l-1~deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libssl1.1-udeb\", reference:\"1.1.0l-1~deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openssl\", reference:\"1.1.0l-1~deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:27", "description": "It was discovered that there were two issues in the 1.0 branch of the OpenSSL cryptographic system :\n\n - CVE-2021-23840: Prevent an issue where 'Digital EnVeloPe' EVP-related calls could cause applications to behave incorrectly or even crash.\n\n - CVE-2021-23841: Prevent an issue in the X509 certificate handling caused by the lack of error handling whilst parsing 'issuer' fields.\n\nFor Debian 9 'Stretch', these problems have been fixed in version 1.0.2u-1~deb9u4. For the equivalent changes for the 1.1 branch of OpenSSL, please see DLA-2563-1.\n\nWe recommend that you upgrade your openssl1.0 packages.\n\nFor the detailed security status of openssl1.0 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl1.0\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-19T00:00:00", "type": "nessus", "title": "Debian DLA-2565-1 : openssl1.0 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libssl1.0-dev", "p-cpe:/a:debian:debian_linux:libssl1.0.2", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2565.NASL", "href": "https://www.tenable.com/plugins/nessus/146604", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2565-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146604);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Debian DLA-2565-1 : openssl1.0 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that there were two issues in the 1.0 branch of the\nOpenSSL cryptographic system :\n\n - CVE-2021-23840: Prevent an issue where 'Digital\n EnVeloPe' EVP-related calls could cause applications to\n behave incorrectly or even crash.\n\n - CVE-2021-23841: Prevent an issue in the X509 certificate\n handling caused by the lack of error handling whilst\n parsing 'issuer' fields.\n\nFor Debian 9 'Stretch', these problems have been fixed in version\n1.0.2u-1~deb9u4. For the equivalent changes for the 1.1 branch of\nOpenSSL, please see DLA-2563-1.\n\nWe recommend that you upgrade your openssl1.0 packages.\n\nFor the detailed security status of openssl1.0 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl1.0\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/02/msg00025.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openssl1.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openssl1.0\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected libssl1.0-dev, and libssl1.0.2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libssl1.0-dev\", reference:\"1.0.2u-1~deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libssl1.0.2\", reference:\"1.0.2u-1~deb9u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:31", "description": "The version of openssl installed on the remote host is prior to 1.0.2k-16.153. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1482 advisory.\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-24T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssl (ALAS-2021-1482)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssl", "p-cpe:/a:amazon:linux:openssl-debuginfo", "p-cpe:/a:amazon:linux:openssl-devel", "p-cpe:/a:amazon:linux:openssl-perl", "p-cpe:/a:amazon:linux:openssl-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1482.NASL", "href": "https://www.tenable.com/plugins/nessus/146818", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1482.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146818);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"ALAS\", value:\"2021-1482\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Linux AMI : openssl (ALAS-2021-1482)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of openssl installed on the remote host is prior to 1.0.2k-16.153. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2021-1482 advisory.\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument\n in some cases where the input length is close to the maximum permissable length for an integer on the\n platform. In such cases the return value from the function call will be 1 (indicating success), but the\n output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to\n OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out\n of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should\n upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based\n on the issuer and serial number data contained within an X509 certificate. However it fails to correctly\n handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is\n maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a\n potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by\n OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on\n certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are\n affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x\n and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving\n public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should\n upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected\n 1.0.2-1.0.2x). (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1482.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23841\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update openssl' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23841\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'openssl-1.0.2k-16.153.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'openssl-1.0.2k-16.153.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'openssl-debuginfo-1.0.2k-16.153.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'openssl-debuginfo-1.0.2k-16.153.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'openssl-devel-1.0.2k-16.153.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'openssl-devel-1.0.2k-16.153.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'openssl-perl-1.0.2k-16.153.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'openssl-perl-1.0.2k-16.153.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'openssl-static-1.0.2k-16.153.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'openssl-static-1.0.2k-16.153.amzn1', 'cpu':'x86_64', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-debuginfo / openssl-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:14", "description": "According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.(CVE-2021-23841)\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.(CVE-2021-23840)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-1935)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-libs", "p-cpe:/a:huawei:euleros:openssl-perl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1935.NASL", "href": "https://www.tenable.com/plugins/nessus/150175", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150175);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-1935)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The OpenSSL public API function\n X509_issuer_and_serial_hash() attempts to create a\n unique hash value based on the issuer and serial number\n data contained within an X509 certificate. However it\n fails to correctly handle any errors that may occur\n while parsing the issuer field (which might occur if\n the issuer field is maliciously constructed). This may\n subsequently result in a NULL pointer deref and a crash\n leading to a potential denial of service attack. The\n function X509_issuer_and_serial_hash() is never\n directly called by OpenSSL itself so applications are\n only vulnerable if they use this function directly and\n they use it on certificates that may have been obtained\n from untrusted sources.(CVE-2021-23841)\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and\n EVP_DecryptUpdate may overflow the output length\n argument in some cases where the input length is close\n to the maximum permissable length for an integer on the\n platform. In such cases the return value from the\n function call will be 1 (indicating success), but the\n output length value will be negative. This could cause\n applications to behave incorrectly or\n crash.(CVE-2021-23840)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1935\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b728a95\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.1.1f-7.h13.eulerosv2r9\",\n \"openssl-libs-1.1.1f-7.h13.eulerosv2r9\",\n \"openssl-perl-1.1.1f-7.h13.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:48", "description": "This update for openssl-1_1 fixes the following issues :\n\nCVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)\n\nCVE-2021-23841: Fixed a NULL pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2021:0755-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_1", "p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0755-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147502", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0755-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147502);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2021:0755-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for openssl-1_1 fixes the following issues :\n\nCVE-2021-23840: Fixed an Integer overflow in CipherUpdate\n(bsc#1182333)\n\nCVE-2021-23841: Fixed a NULL pointer dereference in\nX509_issuer_and_serial_hash() (bsc#1182331)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23840/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23841/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210755-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d43dbb19\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-755=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2021-755=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-755=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-755=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl-1_1-devel-1.1.0i-4.57.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl1_1-1.1.0i-4.57.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl1_1-debuginfo-1.1.0i-4.57.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl1_1-hmac-1.1.0i-4.57.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"openssl-1_1-1.1.0i-4.57.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"openssl-1_1-debuginfo-1.1.0i-4.57.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"openssl-1_1-debugsource-1.1.0i-4.57.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl-1_1\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-09T14:40:18", "description": "The version of OpenSSL installed on the remote host is prior to 1.1.1j. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1j advisory.\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23841)\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-09T00:00:00", "type": "nessus", "title": "OpenSSL 1.1.1 < 1.1.1j Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2023-08-08T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_1_1J.NASL", "href": "https://www.tenable.com/plugins/nessus/148402", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148402);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/08\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"OpenSSL 1.1.1 < 1.1.1j Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL installed on the remote host is prior to 1.1.1j. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 1.1.1j advisory.\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based\n on the issuer and serial number data contained within an X509 certificate. However it fails to correctly\n handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is\n maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a\n potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by\n OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on\n certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are\n affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x\n and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving\n public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should\n upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected\n 1.0.2-1.0.2x). (CVE-2021-23841)\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument\n in some cases where the input length is close to the maximum permissable length for an integer on the\n platform. In such cases the return value from the function call will be 1 (indicating success), but the\n output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to\n OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out\n of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should\n upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/openssl/openssl/commit/122a19ab48091c657f7cb1fb3af9fc07bd557bbf\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64e469f1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20210216.txt\");\n # https://github.com/openssl/openssl/commit/6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81e2257b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSL version 1.1.1j or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23841\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\", \"openssl_nix_installed.nbin\", \"openssl_win_installed.nbin\");\n script_require_keys(\"installed_sw/OpenSSL\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_openssl.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'OpenSSL');\n\nvcf::check_all_backporting(app_info:app_info);\n\nvar constraints = [{ 'min_version' : '1.1.1', 'fixed_version' : '1.1.1j'}];\n\nvcf::openssl::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:19", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14667-1 advisory.\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : openssl1 (SUSE-SU-2021:14667-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl1-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-32bit", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-x86", "p-cpe:/a:novell:suse_linux:openssl1", "p-cpe:/a:novell:suse_linux:openssl1-doc", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2021-14667-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150559", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:14667-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150559);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:14667-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0103-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLES11 Security Update : openssl1 (SUSE-SU-2021:14667-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:14667-1 advisory.\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument\n in some cases where the input length is close to the maximum permissable length for an integer on the\n platform. In such cases the return value from the function call will be 1 (indicating success), but the\n output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to\n OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out\n of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should\n upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based\n on the issuer and serial number data contained within an X509 certificate. However it fails to correctly\n handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is\n maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a\n potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by\n OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on\n certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are\n affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x\n and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving\n public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should\n upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected\n 1.0.2-1.0.2x). (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182333\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-March/008506.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?61862ca0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23841\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl1-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP0\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'libopenssl1-devel-1.0.1g-0.58.33', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'libopenssl1_0_0-1.0.1g-0.58.33', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'libopenssl1_0_0-32bit-1.0.1g-0.58.33', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'libopenssl1_0_0-32bit-1.0.1g-0.58.33', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'openssl1-1.0.1g-0.58.33', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'openssl1-doc-1.0.1g-0.58.33', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.3-0'},\n {'reference':'libopenssl1-devel-1.0.1g-0.58.33', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'libopenssl1_0_0-1.0.1g-0.58.33', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'libopenssl1_0_0-32bit-1.0.1g-0.58.33', 'sp':'0', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'libopenssl1_0_0-32bit-1.0.1g-0.58.33', 'sp':'0', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'openssl1-1.0.1g-0.58.33', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'},\n {'reference':'openssl1-doc-1.0.1g-0.58.33', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.3-0'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libopenssl1-devel / libopenssl1_0_0 / libopenssl1_0_0-32bit / openssl1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-24T15:23:27", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3798 advisory.\n\n - openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n - openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "CentOS 7 : openssl (CESA-2021:3798)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2023-11-23T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssl", "p-cpe:/a:centos:centos:openssl-devel", "p-cpe:/a:centos:centos:openssl-libs", "p-cpe:/a:centos:centos:openssl-perl", "p-cpe:/a:centos:centos:openssl-static", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2021-3798.NASL", "href": "https://www.tenable.com/plugins/nessus/155545", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:3798 and\n# CentOS Errata and Security Advisory 2021:3798 respectively.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155545);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/23\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"IAVA\", value:\"2021-A-0103-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"RHSA\", value:\"2021:3798\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193-S\");\n\n script_name(english:\"CentOS 7 : openssl (CESA-2021:3798)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:3798 advisory.\n\n - openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n - openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2021-November/048384.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f2947f14\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(190, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'openssl-1.0.2k-22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-devel-1.0.2k-22.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-devel-1.0.2k-22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-libs-1.0.2k-22.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-libs-1.0.2k-22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-perl-1.0.2k-22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-static-1.0.2k-22.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssl-static-1.0.2k-22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-24T15:23:27", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4424 advisory.\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : openssl (ELSA-2021-4424)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2023-11-23T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl"], "id": "ORACLELINUX_ELSA-2021-4424.NASL", "href": "https://www.tenable.com/plugins/nessus/155399", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4424.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155399);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/23\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"IAVA\", value:\"2021-A-0103-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193-S\");\n\n script_name(english:\"Oracle Linux 8 : openssl (ELSA-2021-4424)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-4424 advisory.\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument\n in some cases where the input length is close to the maximum permissable length for an integer on the\n platform. In such cases the return value from the function call will be 1 (indicating success), but the\n output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to\n OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out\n of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should\n upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based\n on the issuer and serial number data contained within an X509 certificate. However it fails to correctly\n handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is\n maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a\n potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by\n OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on\n certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are\n affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x\n and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving\n public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should\n upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected\n 1.0.2-1.0.2x). (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4424.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'openssl-1.1.1k-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-1.1.1k-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1k-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1k-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-devel-1.1.1k-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1k-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1k-4.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-libs-1.1.1k-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.1.1k-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'openssl-perl-1.1.1k-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:46:34", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9478 advisory.\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-05T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : openssl (ELSA-2021-9478)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2023-11-27T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static"], "id": "ORACLELINUX_ELSA-2021-9478.NASL", "href": "https://www.tenable.com/plugins/nessus/154916", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9478.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154916);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"IAVA\", value:\"2021-A-0103-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"IAVA\", value:\"2021-A-0480\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193-S\");\n\n script_name(english:\"Oracle Linux 7 : openssl (ELSA-2021-9478)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9478 advisory.\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument\n in some cases where the input length is close to the maximum permissable length for an integer on the\n platform. In such cases the return value from the function call will be 1 (indicating success), but the\n output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to\n OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out\n of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should\n upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based\n on the issuer and serial number data contained within an X509 certificate. However it fails to correctly\n handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is\n maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a\n potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by\n OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on\n certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are\n affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x\n and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving\n public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should\n upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected\n 1.0.2-1.0.2x). (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9478.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'openssl-1.0.2k-22.ksplice1.el7_9', 'cpu':'aarch64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-1.0.2k-22.ksplice1.el7_9', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-devel-1.0.2k-22.ksplice1.el7_9', 'cpu':'aarch64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-devel-1.0.2k-22.ksplice1.el7_9', 'cpu':'i686', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-devel-1.0.2k-22.ksplice1.el7_9', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-libs-1.0.2k-22.ksplice1.el7_9', 'cpu':'aarch64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-libs-1.0.2k-22.ksplice1.el7_9', 'cpu':'i686', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-libs-1.0.2k-22.ksplice1.el7_9', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-perl-1.0.2k-22.ksplice1.el7_9', 'cpu':'aarch64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-perl-1.0.2k-22.ksplice1.el7_9', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-static-1.0.2k-22.ksplice1.el7_9', 'cpu':'aarch64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-static-1.0.2k-22.ksplice1.el7_9', 'cpu':'i686', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-static-1.0.2k-22.ksplice1.el7_9', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:28:02", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4198 advisory.\n\n - openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n - openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : edk2 (CESA-2021:4198)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2023-11-24T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:edk2-aarch64", "p-cpe:/a:centos:centos:edk2-ovmf"], "id": "CENTOS8_RHSA-2021-4198.NASL", "href": "https://www.tenable.com/plugins/nessus/155189", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4198. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155189);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/24\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"RHSA\", value:\"2021:4198\");\n script_xref(name:\"IAVA\", value:\"2021-A-0103-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193-S\");\n\n script_name(english:\"CentOS 8 : edk2 (CESA-2021:4198)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4198 advisory.\n\n - openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n - openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4198\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected edk2-aarch64 and / or edk2-ovmf packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:edk2-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:edk2-ovmf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'edk2-aarch64-20210527gite1999b264f1f-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'edk2-ovmf-20210527gite1999b264f1f-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'edk2-aarch64 / edk2-ovmf');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T16:23:53", "description": "According to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.(CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.(CVE-2021-23841)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2021-2418)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2023-12-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl110f", "p-cpe:/a:huawei:euleros:openssl110f-devel", "p-cpe:/a:huawei:euleros:openssl110f-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2418.NASL", "href": "https://www.tenable.com/plugins/nessus/153266", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153266);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/12/01\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2021-2418)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl110f packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and\n EVP_DecryptUpdate may overflow the output length\n argument in some cases where the input length is close\n to the maximum permissable length for an integer on the\n platform. In such cases the return value from the\n function call will be 1 (indicating success), but the\n output length value will be negative. This could cause\n applications to behave incorrectly or\n crash.(CVE-2021-23840)\n\n - The OpenSSL public API function\n X509_issuer_and_serial_hash() attempts to create a\n unique hash value based on the issuer and serial number\n data contained within an X509 certificate. However it\n fails to correctly handle any errors that may occur\n while parsing the issuer field (which might occur if\n the issuer field is maliciously constructed). This may\n subsequently result in a NULL pointer deref and a crash\n leading to a potential denial of service attack. The\n function X509_issuer_and_serial_hash() is never\n directly called by OpenSSL itself so applications are\n only vulnerable if they use this function directly and\n they use it on certificates that may have been obtained\n from untrusted sources.(CVE-2021-23841)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2418\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a25865d3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl110f packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl110f\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl110f-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl110f-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl110f-1.1.0f-5.h17\",\n \"openssl110f-devel-1.1.0f-5.h17\",\n \"openssl110f-libs-1.1.0f-5.h17\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl110f\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T16:23:48", "description": "According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.(CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.(CVE-2021-23841)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2021-2417)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2023-11-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl098e", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2417.NASL", "href": "https://www.tenable.com/plugins/nessus/153326", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153326);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/30\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2021-2417)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl098e package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and\n EVP_DecryptUpdate may overflow the output length\n argument in some cases where the input length is close\n to the maximum permissable length for an integer on the\n platform. In such cases the return value from the\n function call will be 1 (indicating success), but the\n output length value will be negative. This could cause\n applications to behave incorrectly or\n crash.(CVE-2021-23840)\n\n - The OpenSSL public API function\n X509_issuer_and_serial_hash() attempts to create a\n unique hash value based on the issuer and serial number\n data contained within an X509 certificate. However it\n fails to correctly handle any errors that may occur\n while parsing the issuer field (which might occur if\n the issuer field is maliciously constructed). This may\n subsequently result in a NULL pointer deref and a crash\n leading to a potential denial of service attack. The\n function X509_issuer_and_serial_hash() is never\n directly called by OpenSSL itself so applications are\n only vulnerable if they use this function directly and\n they use it on certificates that may have been obtained\n from untrusted sources.(CVE-2021-23841)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2417\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75d935d2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl098e packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl098e\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl098e-0.9.8e-29.3.h22\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl098e\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:04", "description": "This update for openssl-1_1 fixes the following issues :\n\n - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)\n\n - CVE-2021-23841: Fixed a NULL pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)\n\n - Fixed unresolved error codes in FIPS (bsc#1182959).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2021-03-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : openssl-1_1 (openSUSE-2021-427)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libopenssl-1_1-devel", "p-cpe:/a:novell:opensuse:libopenssl-1_1-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_1", "p-cpe:/a:novell:opensuse:libopenssl1_1-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_1-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_1-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_1-hmac", "p-cpe:/a:novell:opensuse:libopenssl1_1-hmac-32bit", "p-cpe:/a:novell:opensuse:openssl-1_1", "p-cpe:/a:novell:opensuse:openssl-1_1-debuginfo", "p-cpe:/a:novell:opensuse:openssl-1_1-debugsource", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-427.NASL", "href": "https://www.tenable.com/plugins/nessus/147860", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-427.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147860);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"openSUSE Security Update : openssl-1_1 (openSUSE-2021-427)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for openssl-1_1 fixes the following issues :\n\n - CVE-2021-23840: Fixed an Integer overflow in\n CipherUpdate (bsc#1182333)\n\n - CVE-2021-23841: Fixed a NULL pointer dereference in\n X509_issuer_and_serial_hash() (bsc#1182331)\n\n - Fixed unresolved error codes in FIPS (bsc#1182959).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182959\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl-1_1 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_1-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl-1_1-devel-1.1.1d-lp152.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl1_1-1.1.1d-lp152.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl1_1-debuginfo-1.1.1d-lp152.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libopenssl1_1-hmac-1.1.1d-lp152.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"openssl-1_1-1.1.1d-lp152.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"openssl-1_1-debuginfo-1.1.1d-lp152.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"openssl-1_1-debugsource-1.1.1d-lp152.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl-1_1-devel-32bit-1.1.1d-lp152.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.1d-lp152.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.1d-lp152.7.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.1d-lp152.7.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-1_1-devel / libopenssl1_1 / libopenssl1_1-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:01", "description": "According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.(CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. (CVE-2021-23841)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : openssl (EulerOS-SA-2021-1907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssl", "p-cpe:/a:huawei:euleros:openssl-devel", "p-cpe:/a:huawei:euleros:openssl-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1907.NASL", "href": "https://www.tenable.com/plugins/nessus/149606", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149606);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"EulerOS 2.0 SP5 : openssl (EulerOS-SA-2021-1907)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssl packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and\n EVP_DecryptUpdate may overflow the output length\n argument in some cases where the input length is close\n to the maximum permissable length for an integer on the\n platform. In such cases the return value from the\n function call will be 1 (indicating success), but the\n output length value will be negative. This could cause\n applications to behave incorrectly or\n crash.(CVE-2021-23840)\n\n - The OpenSSL public API function\n X509_issuer_and_serial_hash() attempts to create a\n unique hash value based on the issuer and serial number\n data contained within an X509 certificate. However it\n fails to correctly handle any errors that may occur\n while parsing the issuer field (which might occur if\n the issuer field is maliciously constructed). This may\n subsequently result in a NULL pointer deref and a crash\n leading to a potential denial of service attack. The\n function X509_issuer_and_serial_hash() is never\n directly called by OpenSSL itself so applications are\n only vulnerable if they use this function directly and\n they use it on certificates that may have been obtained\n from untrusted sources. (CVE-2021-23841)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1907\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?48c28394\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"openssl-1.0.2k-16.h13.eulerosv2r7\",\n \"openssl-devel-1.0.2k-16.h13.eulerosv2r7\",\n \"openssl-libs-1.0.2k-16.h13.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:02", "description": "This update for openssl-1_0_0 fixes the following issues :\n\nCVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)\n\nCVE-2021-23841: Fixed a NULL pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-12T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2021:0769-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libopenssl-1_0_0-devel", "p-cpe:/a:novell:suse_linux:libopenssl10", "p-cpe:/a:novell:suse_linux:libopenssl10-debuginfo", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:openssl-1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-1_0_0-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0769-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147736", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0769-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147736);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2021:0769-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for openssl-1_0_0 fixes the following issues :\n\nCVE-2021-23840: Fixed an Integer overflow in CipherUpdate\n(bsc#1182333)\n\nCVE-2021-23841: Fixed a NULL pointer dereference in\nX509_issuer_and_serial_hash() (bsc#1182331)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23840/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23841/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210769-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de02b503\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Server 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-769=1\n\nSUSE Manager Retail Branch Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-769=1\n\nSUSE Manager Proxy 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-769=1\n\nSUSE Linux Enterprise Server for SAP 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-769=1\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-769=1\n\nSUSE Linux Enterprise Server 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-769=1\n\nSUSE Linux Enterprise Server 15-SP1-BCL :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-769=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2021-769=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP3 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-769=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-769=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2021-769=1\n\nSUSE CaaS Platform 4.0 :\n\nTo install this update, use the SUSE CaaS Platform 'skuba' tool. I\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_0_0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl10-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_0_0-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libopenssl-1_0_0-devel-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libopenssl1_0_0-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libopenssl1_0_0-debuginfo-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openssl-1_0_0-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openssl-1_0_0-debuginfo-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"openssl-1_0_0-debugsource-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl-1_0_0-devel-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl10-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl10-debuginfo-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl1_0_0-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"libopenssl1_0_0-debuginfo-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"openssl-1_0_0-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"openssl-1_0_0-debuginfo-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"openssl-1_0_0-debugsource-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl-1_0_0-devel-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl1_0_0-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopenssl1_0_0-debuginfo-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"openssl-1_0_0-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"openssl-1_0_0-debuginfo-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"openssl-1_0_0-debugsource-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libopenssl-1_0_0-devel-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libopenssl1_0_0-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libopenssl1_0_0-debuginfo-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"openssl-1_0_0-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"openssl-1_0_0-debuginfo-1.0.2p-3.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"openssl-1_0_0-debugsource-1.0.2p-3.37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl-1_0_0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:51", "description": "This update for compat-openssl098 fixes the following issues :\n\nCVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)\n\nCVE-2021-23841: Fixed a NULL pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2021:0793-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:compat-openssl098-debugsource", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8", "p-cpe:/a:novell:suse_linux:libopenssl0_9_8-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0793-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147843", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0793-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147843);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2021:0793-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for compat-openssl098 fixes the following issues :\n\nCVE-2021-23840: Fixed an Integer overflow in CipherUpdate\n(bsc#1182333)\n\nCVE-2021-23841: Fixed a NULL pointer dereference in\nX509_issuer_and_serial_hash() (bsc#1182331)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23840/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23841/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210793-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0f18b26\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP5-2021-793=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-793=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2021-793=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2021-793=1\n\nSUSE Linux Enterprise Module for Legacy Software 12 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-12-2021-793=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:compat-openssl098-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl0_9_8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"compat-openssl098-debugsource-0.9.8j-106.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-0.9.8j-106.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-32bit-0.9.8j-106.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-debuginfo-0.9.8j-106.24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compat-openssl098\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:33:36", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9561 advisory.\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-23T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : openssl (ELSA-2021-9561)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "modified": "2023-11-22T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:openssl", "p-cpe:/a:oracle:linux:openssl-debugsource", "p-cpe:/a:oracle:linux:openssl-devel", "p-cpe:/a:oracle:linux:openssl-libs", "p-cpe:/a:oracle:linux:openssl-perl", "p-cpe:/a:oracle:linux:openssl-static"], "id": "ORACLELINUX_ELSA-2021-9561.NASL", "href": "https://www.tenable.com/plugins/nessus/155673", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9561.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155673);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/22\");\n\n script_cve_id(\"CVE-2021-23840\", \"CVE-2021-23841\");\n script_xref(name:\"IAVA\", value:\"2021-A-0103-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0195\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193-S\");\n\n script_name(english:\"Oracle Linux 8 : openssl (ELSA-2021-9561)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9561 advisory.\n\n - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument\n in some cases where the input length is close to the maximum permissable length for an integer on the\n platform. In such cases the return value from the function call will be 1 (indicating success), but the\n output length value will be negative. This could cause applications to behave incorrectly or crash.\n OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to\n OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out\n of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should\n upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i).\n Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). (CVE-2021-23840)\n\n - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based\n on the issuer and serial number data contained within an X509 certificate. However it fails to correctly\n handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is\n maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a\n potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by\n OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on\n certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are\n affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x\n and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving\n public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should\n upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected\n 1.0.2-1.0.2x). (CVE-2021-23841)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9561.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23840\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'openssl-1.1.1k-4.ksplice1.el8', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-1.1.1k-4.ksplice1.el8', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-debugsource-1.1.1k-4.ksplice1.el8', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-devel-1.1.1k-4.ksplice1.el8', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-devel-1.1.1k-4.ksplice1.el8', 'cpu':'i686', 'release':'8', 'el_string':'ksplice1.el8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-devel-1.1.1k-4.ksplice1.el8', 'cpu':'x86_64', 'release':'8', 'el_string':'ksplice1.el8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'openssl-libs-1.1.1k-4.ksplice1.el8', 'cpu':'aarch64', 'release':'8', 'el_string':'ksplice1.el8', 'rpm_spec_vers_cmp':TRUE, 'epoch'

About the security content of Safari 14.1.1

Description

Affected Software

Related